There are many components to consider when designing the workflow for your mobile app updates. One approach is to leverage native app-store update workflows; however, it can be cumbersome to integrate with the different processes for each mobile ecosystem. Many app stores also set limitations for update frequency or data size, have lengthy manual approval processes, and sometimes charge for the update process. All of this increases the time and effort it takes to provision updates to your users. An alternative approach is to build your own in-app update API, but this can consume significant development resources that would be better allocated to projects of higher value to the end user. This webpage describes how to use managed services in the AWS cloud to simplify mobile in-app updates across all mobile platforms.

The following sections include high-level architectural guidance and considerations, and assume prerequisite knowledge of mobile-app publishing and ecosystem-specific app updates. In addition, working knowledge of Amazon Cognito, Amazon DynamoDB, Amazon Simple Storage Service (Amazon S3), Amazon CloudFront, and AWS Identity and Access Management (IAM) roles is helpful.

The following questions will help you decide if this solution is applicable to your use case:

  • Do you have regular content updates for your app?
  • Are the updates for additional content (such as maps, models, point of interest data, or new levels) rather than changes in application functionality?
  • Are the updates time limited (such as holiday-themed updates) or for specific segments of the user base (instead of the entire user base)?

If you answered yes to one or more of these questions, you’re in the right place.

When building mobile apps in the cloud, there are some universal app-design principles that will help you create highly scalable, performant, and resilient applications. For example, ephemeral or event-driven architectures can increase security and significantly lower steady-state server and operational costs. A CDN enables you to distribute your data closer to your users, optimizing for the best user experience and overcoming limitations of mobile connectivity. Also, you should create a custom domain name for your mobile backend, associate that domain with the appropriate services, and then embed the custom name in your mobile client. This allows you to make changes to your online services without requiring you to update your mobile client. Keeping these general principles in mind, consider the following best practices that leverage AWS managed services for mobile app development:

  • If you require user authentication for updates, offload authentication to an identity management service, such as Amazon Cognito. Amazon Cognito integrates with AWS IAM, adding additional security capabilities to your mobile backend, while also removing the burden of managing crucial security features for your app.
  • If you plan to leverage mobile push messaging or emails to notify your users of applicable content updates, integrate Amazon Simple Notification Service (SNS) and Amazon Simple Email Service (SES) into your app to simplify these tasks.
  • If you have more complex versioning logic, take advantage of our managed, highly available database service, Amazon DynamoDB, to enable queries for relevant content. Using DynamoDB in this solution provides the greatest flexibility for enabling your mobile app to query for relevant content updates, preventing superfluous client downloads and content mining.
  • Leverage AWS Lambda to build event-driven architectures that do not require persistent resources. AWS Lambda automatically runs your code in response to events, and allocates resources to resolve requests on an as-needed basis.
  • Use a DNS service, such as Amazon Route 53, to map your custom DNS names to the appropriate services, such as Amazon S3 and Amazon CloudFront.

The following solution creates a comprehensive mobile update process that supports all mobile ecosystems. It offers the flexibility of creating an in-app update capability using AWS managed services to reduce your undifferentiating heavy lifting.

The following reference architecture assumes business requirements to deliver personalized content to mobile users. It provides capabilities to identify and authenticate specific users, perform complex queries to determine relevant content updates, and send notifications to targeted groups of users when updates are applicable to them. The following diagrams outline the end-user and developer-publishing workflows, and include functional components to address these comprehensive requirements.

After a designated event (such as a notification or app start) initializes the update process, it will trigger the following end-user workflow to authenticate the user, and identify and download applicable content.


The end-user workflow is as follows:

  1. The user logs in to a third-party identity provider that you have integrated with an Amazon Cognito identity pool. The identity provider returns an OAuth token, which Amazon Cognito uses to verify the user’s identity. Cognito then returns a temporary authentication token, in the form of an AWS Security Token Service (AWS STS) key pair, for subsequent requests.
  2. The mobile client uses the key pair to query Amazon DynamoDB for data on applicable content updates.
  3. The mobile client retrieves the appropriate content from Amazon S3, leveraging Route 53 to resolve your customer domain name to your CloudFront distribution.

After testing a new build of an app asset, the developer uploads the finalized content to an Amazon S3 bucket, which will initiate this publishing workflow.


The developer workflow is as follows:

  1. Developer uploads the updated content to the Amazon S3 bucket.
  2. The upload event triggers an AWS Lambda function that completes three tasks in parallel:
    • Updates Amazon DynamoDB with the current version of the app and other relevant metadata.
    • Sends any applicable CloudFront invalidation requests.
    • Triggers an Amazon SNS mobile push notification or Amazon SES email notification to your users to inform them of the update.
Download PDF Version of this Solution Brief
Tell us what you think