AWS pinpoint documentation change
Summary
Updated phrasing from 'support end date' to 'end of support date' in migration notice
Security assessment
Minor text edit with no security implications. This is a grammatical improvement without any security-related content changes.
Diff
diff --git a/pinpoint/latest/userguide/migrate.md b/pinpoint/latest/userguide/migrate.md index 574ec1785..8a7500151 100644 --- a//pinpoint/latest/userguide/migrate.md +++ b//pinpoint/latest/userguide/migrate.md @@ -290,0 +291,171 @@ To offboard your events and KPIs from Amazon Pinpoint Analytics or Mobile Analyt +For customers who need to delete Mobile Analytics applications as part of their migration, you can use the following Python script. This script uses AWS Signature Version 4 to authenticate with the Mobile Analytics API. + + 1. Save the following script as `delete_mobile_analytics_application.py`. + + # Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. + # + # This file is licensed under the Apache License, Version 2.0 (the "License"). + # You may not use this file except in compliance with the License. A copy of the + # License is located at + # + # http://aws.amazon.com/apache2.0/ + # + # This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS + # OF ANY KIND, either express or implied. See the License for the specific + # language governing permissions and limitations under the License. + # + # ABOUT THIS PYTHON SAMPLE: This sample is part of the AWS General Reference + # Signing AWS API Requests top available at + # https://docs.aws.amazon.com/general/latest/gr/sigv4-signed-request-examples.html + # + + # AWS Version 4 signing example + + # Delete Mobile Analytics application + + # See: http://docs.aws.amazon.com/general/latest/gr/sigv4_signing.html + # This version makes a DELETE request and passes the signature + # in the Authorization header. + import sys, os, base64, datetime, hashlib, hmac + import requests # pip install requests + import argparse + + # Parse command line arguments + parser = argparse.ArgumentParser(description='Delete a Mobile Analytics application') + parser.add_argument('--appId', type=str, help='Mobile Analytics application ID to be deleted', required=True) + args = parser.parse_args() + + # ************* REQUEST VALUES ************* + delimiter = "/" + method = 'DELETE' + service = 'mobileanalytics' + host = 'mobileanalytics.us-east-1.amazonaws.com' + region = 'us-east-1' + appId = args.appId # Use the appId from command line arguments + endpoint = 'https://mobileanalytics.us-east-1.amazonaws.com/2016-07-01/apps' + delimiter + appId + request_parameters = '' + + + # Function for signing. Refer the AWS documentation below for more details. + # http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python + def sign(key, msg): + return hmac.new(key, msg.encode('utf-8'), hashlib.sha256).digest() + + + # Function for computing signature key. Refer the AWS documentation below for more details. + # http://docs.aws.amazon.com/general/latest/gr/signature-v4-examples.html#signature-v4-examples-python. + def getSignatureKey(key, dateStamp, regionName, serviceName): + kDate = sign(('AWS4' + key).encode('utf-8'), dateStamp) + kRegion = sign(kDate, regionName) + kService = sign(kRegion, serviceName) + kSigning = sign(kService, 'aws4_request') + return kSigning + + + # Read AWS access key from environment variables or configuration file. Best practice is NOT + # to embed credentials in code. + access_key = os.environ.get('AWS_ACCESS_KEY_ID') + secret_key = os.environ.get('AWS_SECRET_ACCESS_KEY') + session_token = os.environ.get('AWS_SESSION_TOKEN') + if access_key is None or secret_key is None: + print('No access key is available.') + sys.exit() + + # Create a date for headers and the credential string + t = datetime.datetime.now(datetime.UTC) + amzdate = t.strftime('%Y%m%dT%H%M%SZ') + datestamp = t.strftime('%Y%m%d') # Date w/o time, used in credential scope + + # ************* TASK 1: CREATE A CANONICAL REQUEST ************* + # http://docs.aws.amazon.com/general/latest/gr/sigv4-create-canonical-request.html + + # Step 1 is to define the verb (GET, POST, etc.)--already done with defining "method" variable above. + + # Step 2: Create canonical URI--the part of the URI from domain to query + # string (use '/' if no path) + canonical_uri = '/2016-07-01/apps' + delimiter + appId + + # Step 3: Create the canonical query string. In this example (a DELETE request), + # request parameters are in the query string. Query string values must + # be URL-encoded (space=%20). The parameters must be sorted by name. + # For this example, the query string is pre-formatted in the request_parameters variable. + canonical_querystring = request_parameters + + # Step 4: Create the canonical headers and signed headers. Header names + # must be trimmed and lowercase, and sorted in code point order from + # low to high. Note that there is a trailing \n. + canonical_headers = 'host:' + host + '\n' + 'x-amz-date:' + amzdate + '\n' + + # Step 5: Create the list of signed headers. This lists the headers + # in the canonical_headers list, delimited with ";" and in alpha order. + # Note: The request can include any headers; canonical_headers and + # signed_headers lists those that you want to be included in the + # hash of the request. "Host" and "x-amz-date" are always required. + signed_headers = 'host;x-amz-date' + + # Step 6: Create payload hash (hash of the request body content). For GET + # requests, the payload is an empty string (""). + payload_hash = hashlib.sha256(request_parameters.encode('utf-8')).hexdigest() + + # Step 7: Combine elements to create canonical request + canonical_request = method + '\n' + canonical_uri + '\n' + canonical_querystring + '\n' + canonical_headers + '\n' + signed_headers + '\n' + payload_hash + + # ************* TASK 2: CREATE THE STRING TO SIGN************* + # Match the algorithm to the hashing algorithm you use, either SHA-1 or + # SHA-256 (recommended) + algorithm = 'AWS4-HMAC-SHA256' + credential_scope = datestamp + '/' + region + '/' + service + '/' + 'aws4_request' + string_to_sign = algorithm + '\n' + amzdate + '\n' + credential_scope + '\n' + hashlib.sha256( + canonical_request.encode('utf-8')).hexdigest() + + # ************* TASK 3: CALCULATE THE SIGNATURE ************* + # Create the signing key using the function defined above. + signing_key = getSignatureKey(secret_key, datestamp, region, service) + + # Compute signature by invoking hmac.new method by passing signingkey, string_to_sign + signature = hmac.new(signing_key, string_to_sign.encode('utf-8'), hashlib.sha256).hexdigest() + + # ************* TASK 4: ADD SIGNING INFORMATION TO THE REQUEST ************* + # The signing information can be either in a query string value or in + # a header named Authorization. This code shows how to use a header. + # Create authorization header and add to request headers + authorization_header = algorithm + ' ' + 'Credential=' + access_key + '/' + credential_scope + ', ' + 'SignedHeaders=' + signed_headers + ', ' + 'Signature=' + signature + + # The request can include any headers, but MUST include "host", "x-amz-date", + # and (for this scenario) "Authorization". "host" and "x-amz-date" must + # be included in the canonical_headers and signed_headers, as noted + # earlier. Order here is not significant. + # Python note: The 'host' header is added automatically by the Python 'requests' library. + headers = { + 'x-amz-date': amzdate, + 'accept': 'application/hal+json', + 'content-type': 'application/json; charset=UTF-8', + 'Authorization': authorization_header} + + if session_token: + headers['X-Amz-Security-Token'] = session_token + + # ************* SEND THE REQUEST ************* + request_url = endpoint + '?' + canonical_querystring + + print('\nBEGIN REQUEST++++++++++++++++++++++++++++++++++++') + print('Request URL = ' + request_url) + print('Request Headers = ', headers) + + r = requests.delete(request_url, data=request_parameters, headers=headers) + + print('\nRESPONSE++++++++++++++++++++++++++++++++++++') + print('Response code: %d\n' % r.status_code) + print(r.text) + + 2. Ensure you have valid AWS credentials set as environment variables. + + 3. Run the script with your Mobile Analytics application ID: + + python delete_mobile_analytics_application.py --appId <YOUR_MOBILE_ANALYTICS_APP_ID> + + + + +This script makes a `DELETE` request to the Mobile Analytics API to remove the specified application. Make sure to run this for each Mobile Analytics application you need to delete. + @@ -293 +464 @@ To offboard your events and KPIs from Amazon Pinpoint Analytics or Mobile Analyt -Active Mobile Analytics customers can continue to ingest events through `putEvents` API and view them in Amazon Pinpoint until Amazon Pinpoint support end date. +Active Mobile Analytics customers can continue to ingest events through `putEvents` API and view them in Amazon Pinpoint until the Amazon Pinpoint end of support date.