Doc AWS SDK 예제 GitHub 리포지토리에서 더 많은 SDK 예제를 사용할 수 있습니다. [AWS](https://github.com/awsdocs/aws-doc-sdk-examples) 기계 번역으로 제공되는 번역입니다. 제공된 번역과 원본 영어의 내용이 상충하는 경우에는 영어 버전이 우선합니다. # Bash 스크립트와 AWS CLI 함께를 사용하는 Amazon Pinpoint 예제 다음 코드 예제에서는 Amazon Pinpoint에서 Bash 스크립트 AWS Command Line Interface 와 함께를 사용하여 작업을 수행하고 일반적인 시나리오를 구현하는 방법을 보여줍니다. *시나리오*는 동일한 서비스 내에서 또는 다른 AWS 서비스와 결합된 상태에서 여러 함수를 직접적으로 호출하여 특정 태스크를 수행하는 방법을 보여주는 코드 예제입니다. 각 예시에는 전체 소스 코드에 대한 링크가 포함되어 있으며, 여기에서 컨텍스트에 맞춰 코드를 설정하고 실행하는 방법에 대한 지침을 찾을 수 있습니다. **Topics** + [시나리오](#scenarios) ## 시나리오 ### End User Messaging Push 시작하기 다음 코드 예제에서는 다음과 같은 작업을 수행하는 방법을 보여줍니다. + 애플리케이션 만들기 + 푸시 알림 채널 활성화 + 푸시 알림 전송 + 리소스 정리 **AWS CLI Bash 스크립트 사용** GitHub에 더 많은 내용이 있습니다. [샘플 개발자 튜토리얼](https://github.com/aws-samples/sample-developer-tutorials/tree/main/tuts/049-aws-end-user-messaging-gs) 리포지토리에서 전체 예제를 찾아보고 설정 및 실행 방법을 배워보세요. ``` #!/bin/bash # AWS End User Messaging Push Getting Started Script # This script creates an AWS End User Messaging Push application and demonstrates # how to enable push notification channels and send a test message. # # Prerequisites: # - AWS CLI installed and configured # - Appropriate IAM permissions for Pinpoint operations # # Usage: ./aws-end-user-messaging-gs.sh [--auto-cleanup] set -uo pipefail # Security: Set secure umask for created files umask 0077 # Set up logging LOG_DIR="./aws-eump-logs" mkdir -p "$LOG_DIR" LOG_FILE="$LOG_DIR/aws-end-user-messaging-push-script-$(date +%Y%m%d-%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting AWS End User Messaging Push setup script..." echo "Logging to $LOG_FILE" echo "Timestamp: $(date)" # Security: Track created resources for cleanup declare -a TEMP_FILES=() declare -a AWS_RESOURCES=() # Cleanup function with improved security cleanup() { local exit_code=$? echo "Cleaning up temporary resources..." # Remove temporary files securely for temp_file in "${TEMP_FILES[@]+"${TEMP_FILES[@]}"}"; do if [ -f "$temp_file" ]; then shred -vfz -n 3 "$temp_file" 2>/dev/null || rm -f "$temp_file" fi done # Optionally delete AWS resources if [ "${DELETE_AWS_RESOURCES:-false}" = "true" ]; then for resource in "${AWS_RESOURCES[@]+"${AWS_RESOURCES[@]}"}"; do echo "Deleting AWS resource: $resource" aws pinpoint delete-app --application-id "$resource" 2>/dev/null || \ echo "Warning: Failed to delete application $resource" done fi exit "$exit_code" } trap cleanup EXIT INT TERM # Function to check for errors in command output check_error() { local output=$1 local cmd=$2 local ignore_error=${3:-false} if echo "$output" | grep -qi "error\|exception\|fail"; then echo "ERROR: Command failed: $cmd" >&2 echo "Error details: $output" >&2 if [ "$ignore_error" = "true" ]; then echo "Ignoring error and continuing..." >&2 return 1 else return 2 fi fi return 0 } # Function to validate AWS CLI is configured validate_aws_cli() { echo "Validating AWS CLI configuration..." # Check if AWS CLI is installed if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed. Please install it first." >&2 echo "Visit: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" >&2 return 1 fi # Check AWS CLI version AWS_VERSION=$(aws --version 2>&1 | head -n1) echo "AWS CLI version: $AWS_VERSION" # Verify credentials are set (check for credential env vars or config file) if ! aws sts get-caller-identity &> /dev/null; then echo "ERROR: AWS CLI credentials are not configured or invalid." >&2 echo "Please configure credentials via environment variables, credential file, or 'aws configure'" >&2 return 1 fi # Get current AWS identity and region CALLER_IDENTITY=$(aws sts get-caller-identity) CURRENT_REGION=$(aws configure get region 2>/dev/null || echo "us-east-1") echo "AWS CLI configured for:" echo "$CALLER_IDENTITY" echo "Current region: $CURRENT_REGION" echo "" return 0 } # Function to check if jq is available for JSON parsing check_json_tools() { if command -v jq &> /dev/null; then USE_JQ=true echo "jq is available for JSON parsing" else USE_JQ=false echo "jq is not available, using grep for JSON parsing" echo "Consider installing jq for better JSON handling: https://stedolan.github.io/jq/" fi } # Function to extract JSON values safely extract_json_value() { local json=$1 local key=$2 if [ "$USE_JQ" = "true" ]; then echo "$json" | jq -r ".ApplicationResponse.$key // empty" 2>/dev/null || echo "" else # Fallback to grep method with better validation echo "$json" | grep -o "\"$key\": \"[^\"]*" | cut -d'"' -f4 | head -n1 || echo "" fi } # Function to validate required IAM permissions validate_permissions() { echo "Validating IAM permissions..." # Test basic Pinpoint permissions if ! aws pinpoint get-apps > /dev/null 2>&1; then echo "WARNING: Unable to list Pinpoint applications." >&2 echo "Please ensure you have appropriate IAM permissions for Pinpoint operations." >&2 echo "Required permissions:" >&2 echo " - mobiletargeting:GetApps" >&2 echo " - mobiletargeting:CreateApp" >&2 echo " - mobiletargeting:DeleteApp" >&2 echo " - mobiletargeting:UpdateGcmChannel" >&2 echo " - mobiletargeting:UpdateApnsChannel" >&2 echo " - mobiletargeting:SendMessages" >&2 else echo "Basic Pinpoint permissions validated." fi } # Function to validate input parameters validate_input() { local app_name=$1 # Validate app name length and characters if [ ${#app_name} -gt 64 ]; then echo "ERROR: Application name exceeds maximum length of 64 characters" >&2 return 1 fi if ! [[ "$app_name" =~ ^[a-zA-Z0-9_-]+$ ]]; then echo "ERROR: Application name contains invalid characters" >&2 return 1 fi return 0 } # Function to create secure temporary files create_temp_file() { local temp_file temp_file=$(mktemp) || { echo "ERROR: Failed to create temporary file" >&2 return 1 } chmod 600 "$temp_file" TEMP_FILES+=("$temp_file") echo "$temp_file" } # Validate prerequisites if ! validate_aws_cli; then exit 1 fi check_json_tools validate_permissions # Generate a random suffix for resource names to avoid conflicts RANDOM_SUFFIX=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | fold -w 8 | head -n1) APP_NAME="PushNotificationApp-${RANDOM_SUFFIX}" # Validate input if ! validate_input "$APP_NAME"; then exit 1 fi echo "Creating application with name: $APP_NAME" # Step 1: Create an application echo "Executing: aws pinpoint create-app --create-application-request Name=${APP_NAME}" CREATE_APP_OUTPUT=$(aws pinpoint create-app --create-application-request "Name=${APP_NAME},tags={project=doc-smith,tutorial=aws-end-user-messaging-gs}" 2>&1) if ! check_error "$CREATE_APP_OUTPUT" "create-app"; then exit 1 fi echo "Application created successfully:" echo "$CREATE_APP_OUTPUT" # Extract the application ID from the output APP_ID=$(extract_json_value "$CREATE_APP_OUTPUT" "Id") if [ -z "$APP_ID" ] || [ "$APP_ID" = "null" ]; then echo "ERROR: Failed to extract application ID from output" >&2 echo "Output was: $CREATE_APP_OUTPUT" >&2 exit 1 fi echo "Application ID: $APP_ID" AWS_RESOURCES+=("$APP_ID") # Step 2: Enable FCM (GCM) channel with a sample API key echo "" echo "===========================================" echo "ENABLING FCM (GCM) CHANNEL" echo "===========================================" echo "Note: This is using a placeholder API key for demonstration purposes only." echo "In a production environment, you should use your actual FCM API key from Firebase Console." echo "" echo "IMPORTANT: The following command will likely fail because we're using a placeholder API key." echo "This is expected behavior for this demonstration script." echo "Executing: aws pinpoint update-gcm-channel --application-id $APP_ID --gcm-channel-request ..." UPDATE_GCM_OUTPUT=$(aws pinpoint update-gcm-channel \ --application-id "$APP_ID" \ --gcm-channel-request '{"Enabled": true, "ApiKey": "sample-fcm-api-key-for-demo-only"}' 2>&1) # We'll ignore this specific error since we're using a placeholder API key if check_error "$UPDATE_GCM_OUTPUT" "update-gcm-channel" "true"; then echo "FCM channel enabled successfully:" echo "$UPDATE_GCM_OUTPUT" else echo "As expected, FCM channel update failed with the placeholder API key." echo "Error details: $UPDATE_GCM_OUTPUT" echo "" echo "To enable FCM in production:" echo "1. Go to Firebase Console (https://console.firebase.google.com/)" echo "2. Create or select your project" echo "3. Go to Project Settings > Cloud Messaging" echo "4. Copy the Server Key" echo "5. Replace 'sample-fcm-api-key-for-demo-only' with your actual Server Key" fi # Step 3: Try to enable APNS channel (this will also fail without real certificates) echo "" echo "===========================================" echo "ENABLING APNS CHANNEL (OPTIONAL)" echo "===========================================" echo "Attempting to enable APNS channel with placeholder certificate..." echo "This will also fail without real APNS certificates, which is expected." # Create a placeholder APNS configuration echo "Executing: aws pinpoint update-apns-channel --application-id $APP_ID --apns-channel-request ..." UPDATE_APNS_OUTPUT=$(aws pinpoint update-apns-channel \ --application-id "$APP_ID" \ --apns-channel-request '{"Enabled": true, "Certificate": "placeholder-certificate", "PrivateKey": "placeholder-private-key"}' 2>&1) if check_error "$UPDATE_APNS_OUTPUT" "update-apns-channel" "true"; then echo "APNS channel enabled successfully:" echo "$UPDATE_APNS_OUTPUT" else echo "As expected, APNS channel update failed with placeholder certificates." echo "Error details: $UPDATE_APNS_OUTPUT" echo "" echo "To enable APNS in production:" echo "1. Generate APNS certificates from Apple Developer Console" echo "2. Convert certificates to PEM format" echo "3. Use the actual certificate and private key in the update-apns-channel command" fi # Step 4: Create message files for different platforms echo "" echo "===========================================" echo "CREATING MESSAGE FILES" echo "===========================================" # Create FCM message file securely GCM_MESSAGE_FILE=$(create_temp_file) echo "Creating FCM message file..." cat > "$GCM_MESSAGE_FILE" << 'EOF' { "Addresses": { "SAMPLE-DEVICE-TOKEN-FCM": { "ChannelType": "GCM" } }, "MessageConfiguration": { "GCMMessage": { "Action": "OPEN_APP", "Body": "Hello from AWS End User Messaging Push! This is an FCM notification.", "Priority": "normal", "SilentPush": false, "Title": "My First FCM Push Notification", "TimeToLive": 30, "Data": { "key1": "value1", "key2": "value2" } } } } EOF # Create APNS message file securely APNS_MESSAGE_FILE=$(create_temp_file) echo "Creating APNS message file..." cat > "$APNS_MESSAGE_FILE" << 'EOF' { "Addresses": { "SAMPLE-DEVICE-TOKEN-APNS": { "ChannelType": "APNS" } }, "MessageConfiguration": { "APNSMessage": { "Action": "OPEN_APP", "Body": "Hello from AWS End User Messaging Push! This is an APNS notification.", "Priority": "normal", "SilentPush": false, "Title": "My First APNS Push Notification", "TimeToLive": 30, "Badge": 1, "Sound": "default" } } } EOF echo "Message files created:" echo "- FCM message file (for FCM/Android)" echo "- APNS message file (for APNS/iOS)" echo "" echo "Note: These messages use placeholder device tokens and will not actually be delivered." echo "To send real messages, you would need to replace the sample device tokens with actual ones." # Step 5: Demonstrate how to send messages (this will fail with placeholder tokens) echo "" echo "===========================================" echo "DEMONSTRATING MESSAGE SENDING" echo "===========================================" echo "Attempting to send FCM message (will fail with placeholder token)..." echo "Executing: aws pinpoint send-messages --application-id $APP_ID --message-request file://" SEND_FCM_OUTPUT=$(aws pinpoint send-messages \ --application-id "$APP_ID" \ --message-request "file://$GCM_MESSAGE_FILE" 2>&1) if check_error "$SEND_FCM_OUTPUT" "send-messages (FCM)" "true"; then echo "FCM message sent successfully:" echo "$SEND_FCM_OUTPUT" else echo "As expected, FCM message sending failed with placeholder token." echo "Error details: $SEND_FCM_OUTPUT" fi echo "" echo "Attempting to send APNS message (will fail with placeholder token)..." echo "Executing: aws pinpoint send-messages --application-id $APP_ID --message-request file://" SEND_APNS_OUTPUT=$(aws pinpoint send-messages \ --application-id "$APP_ID" \ --message-request "file://$APNS_MESSAGE_FILE" 2>&1) if check_error "$SEND_APNS_OUTPUT" "send-messages (APNS)" "true"; then echo "APNS message sent successfully:" echo "$SEND_APNS_OUTPUT" else echo "As expected, APNS message sending failed with placeholder token." echo "Error details: $SEND_APNS_OUTPUT" fi # Step 6: Show application details echo "" echo "===========================================" echo "APPLICATION DETAILS" echo "===========================================" echo "Retrieving application details..." echo "Executing: aws pinpoint get-app --application-id $APP_ID" GET_APP_OUTPUT=$(aws pinpoint get-app --application-id "$APP_ID" 2>&1) if check_error "$GET_APP_OUTPUT" "get-app"; then echo "Application details:" echo "$GET_APP_OUTPUT" fi # Display summary of created resources echo "" echo "===========================================" echo "RESOURCES CREATED" echo "===========================================" echo "AWS Resources:" for resource in "${AWS_RESOURCES[@]+"${AWS_RESOURCES[@]}"}"; do echo "- Application: $resource" done echo "" echo "Files created:" echo "- $LOG_FILE (script log)" # Auto-cleanup information echo "" echo "===========================================" echo "CLEANUP INFORMATION" echo "===========================================" echo "This script created AWS resources that may incur charges." echo "AWS resources will be automatically cleaned up on script exit." echo "" echo "To manually delete resources later, use:" echo " aws pinpoint delete-app --application-id $APP_ID" # Set flag to delete AWS resources on cleanup DELETE_AWS_RESOURCES=true echo "" echo "===========================================" echo "SCRIPT COMPLETED SUCCESSFULLY" echo "===========================================" echo "This script demonstrated:" echo "1. Creating an AWS End User Messaging Push application" echo "2. Attempting to enable FCM and APNS channels (with placeholder credentials)" echo "3. Creating message templates for different platforms" echo "4. Demonstrating message sending commands (with placeholder tokens)" echo "5. Retrieving application details" echo "6. Proper cleanup of resources" echo "" echo "Security best practices implemented:" echo "- Secure temporary file handling with restricted permissions" echo "- Input validation for application names" echo "- Error handling with proper exit codes" echo "- Credential validation before AWS operations" echo "- Automatic cleanup on script exit" echo "- Secure file destruction for sensitive data" echo "" echo "For production use:" echo "- Replace placeholder API keys with real FCM server keys" echo "- Replace placeholder certificates with real APNS certificates" echo "- Replace placeholder device tokens with real device tokens" echo "- Use AWS IAM roles instead of long-term credentials" echo "- Implement comprehensive error handling" echo "- Store sensitive credentials in AWS Secrets Manager or Parameter Store" echo "- Enable CloudTrail for audit logging" echo "- Use VPC endpoints for private AWS API access" echo "" echo "Log file: $LOG_FILE" echo "Script completed at: $(date)" ``` + API 세부 정보는 **AWS CLI 명령 참조의 다음 토픽을 참조하세요. + [CreateApp](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/CreateApp) + [DeleteApp](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/DeleteApp) + [GetApp](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/GetApp) + [GetApps](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/GetApps) + [GetCallerIdentity](https://docs.aws.amazon.com/goto/aws-cli/sts-2011-06-15/GetCallerIdentity) + [SendMessages](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/SendMessages) + [UpdateApnsChannel](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/UpdateApnsChannel) + [UpdateGcmChannel](https://docs.aws.amazon.com/goto/aws-cli/pinpoint-2016-12-01/UpdateGcmChannel)