How do I create an APNs platform application for sending push notifications in Amazon SNS using the AWS CLI?

Last updated: 2022-08-25

I want to create an Apple Push Notification Service (APNs) platform application in Amazon Simple Notification Service (Amazon SNS) to send push notifications. How do I create an APNs platform application using the AWS Command Line Interface (AWS CLI) instead of the Amazon SNS console?

Short description

To create an APNs platform application in Amazon SNS using the AWS CLI, run the create-platform-application command.

For more information, see CreatePlatformApplication in the Amazon SNS API Reference.

Note: You can also create a platform application in the Amazon SNS console.

Resolution

Note: Amazon SNS push notifications aren't available in all AWS Regions. For more information, see Supported Regions for mobile applications. If you receive errors when running AWS CLI commands, make sure that you're using the most recent version of the AWS CLI.

Prerequisites

You must have a valid application for iOS, VoIP, or MacOS. You must also have the following resources from your Apple Developer account, based on your application's authentication method:

For certificate-based authentication

  • A valid TLS certificate

For token-based authentication

  • A valid token signing key
  • A valid Apple Team ID
  • A valid Apple Bundle ID

For more information, see Prerequisites for Amazon SNS user notifications and Apple authentication methods in the Amazon SNS Developer Guide.

To create an APNs platform application in Amazon SNS using the AWS CLI

For certificate-based authentication

1.    Run the following command:

Important: Replace Your_Application_Name with your application's name. Replace Certificates.p12 with your PKCS#12 file. Replace the platform value with APNS_SANDBOX or APNS, based on your use case. Make sure that you run the command in the same directory where your PKCS#12 file is located.

aws sns create-platform-application --name Your_Application_Name --platform APNS_SANDBOX --attributes PlatformCredential="\"$(openssl pkcs12 -in Certificates.p12 -nodes -nocerts)\"",PlatformPrincipal="\"$(openssl pkcs12 -in Certificates.p12 -nodes -nokeys)\""

Note: For Apple services using certificate credentials, PlatformCredential is a private key. PlatformPrincipal is the SSL certificate. The OpenSSL pkcs12 command parses a PKCS#12 file into a readable format for certificate-based authentication. For more information, see pkcs12 on the OpenSSL website.

A prompt to enter an import password value appears.

2.    For import password, enter the password that was created when you exported the PKCS#12 file from the Keychain Access app.

For token-based authentication

Run the following command:

Important: Replace PlatformCredential with your token signing key. Replace PlatformPrincipal with your token signing key ID. Replace ApplePlatformTeamID with your Apple Team ID. Replace ApplePlatformBundleID with your Apple Bundle ID. Replace the platform value with APNS_SANDBOX or APNS, based on your use case. Replace Token.p8 with your PKCS#8 file. Make sure that you run the command in the same directory where your PKCS#8 file is located.

aws sns create-platform-application --name token --platform APNS_SANDBOX --attributes ApplePlatformTeamID=XXXXXXX,ApplePlatformBundleID=com.XXXXX,PlatformPrincipal=XXXXXXX,PlatformCredential="\"$(openssl pkcs8 -in Token.p8 -nocrypt)\""

Note: For Apple services using token credentials, PlatformCredential is a token signing key. PlatformPrincipal is the token signing key ID. The OpenSSL pkcs8 command processes private keys in PKCS#8 format and parses them into a readable format for token-based authentication. For more information, see pkcs8 on the OpenSSL website.

For more information about platform attributes, see SeePlatformApplicationAttributes in the Amazon SNS API Reference.


Did this article help?


Do you need billing or technical support?