There are more AWS SDK examples available in the AWS Doc SDK Examples
Amazon Pinpoint examples using AWS CLI with Bash script
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with Bash script with Amazon Pinpoint.
Scenarios are code examples that show you how to accomplish specific tasks by calling multiple functions within a service or combined with other AWS services.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Scenarios
The following code example shows how to:
Create an application
Enable push notification channels
Send a push notification
Clean up resources
- AWS CLI with Bash script
-
Note
There's more on GitHub. Find the complete example and learn how to set up and run in the Sample developer tutorials
repository. #!/bin/bash # AWS End User Messaging Push Getting Started Script # This script creates an AWS End User Messaging Push application and demonstrates # how to enable push notification channels and send a test message. # # Prerequisites: # - AWS CLI installed and configured # - Appropriate IAM permissions for Pinpoint operations # # Usage: ./aws-end-user-messaging-gs.sh [--auto-cleanup] set -uo pipefail # Security: Set secure umask for created files umask 0077 # Set up logging LOG_DIR="./aws-eump-logs" mkdir -p "$LOG_DIR" LOG_FILE="$LOG_DIR/aws-end-user-messaging-push-script-$(date +%Y%m%d-%H%M%S).log" exec > >(tee -a "$LOG_FILE") 2>&1 echo "Starting AWS End User Messaging Push setup script..." echo "Logging to $LOG_FILE" echo "Timestamp: $(date)" # Security: Track created resources for cleanup declare -a TEMP_FILES=() declare -a AWS_RESOURCES=() # Cleanup function with improved security cleanup() { local exit_code=$? echo "Cleaning up temporary resources..." # Remove temporary files securely for temp_file in "${TEMP_FILES[@]+"${TEMP_FILES[@]}"}"; do if [ -f "$temp_file" ]; then shred -vfz -n 3 "$temp_file" 2>/dev/null || rm -f "$temp_file" fi done # Optionally delete AWS resources if [ "${DELETE_AWS_RESOURCES:-false}" = "true" ]; then for resource in "${AWS_RESOURCES[@]+"${AWS_RESOURCES[@]}"}"; do echo "Deleting AWS resource: $resource" aws pinpoint delete-app --application-id "$resource" 2>/dev/null || \ echo "Warning: Failed to delete application $resource" done fi exit "$exit_code" } trap cleanup EXIT INT TERM # Function to check for errors in command output check_error() { local output=$1 local cmd=$2 local ignore_error=${3:-false} if echo "$output" | grep -qi "error\|exception\|fail"; then echo "ERROR: Command failed: $cmd" >&2 echo "Error details: $output" >&2 if [ "$ignore_error" = "true" ]; then echo "Ignoring error and continuing..." >&2 return 1 else return 2 fi fi return 0 } # Function to validate AWS CLI is configured validate_aws_cli() { echo "Validating AWS CLI configuration..." # Check if AWS CLI is installed if ! command -v aws &> /dev/null; then echo "ERROR: AWS CLI is not installed. Please install it first." >&2 echo "Visit: https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html" >&2 return 1 fi # Check AWS CLI version AWS_VERSION=$(aws --version 2>&1 | head -n1) echo "AWS CLI version: $AWS_VERSION" # Verify credentials are set (check for credential env vars or config file) if ! aws sts get-caller-identity &> /dev/null; then echo "ERROR: AWS CLI credentials are not configured or invalid." >&2 echo "Please configure credentials via environment variables, credential file, or 'aws configure'" >&2 return 1 fi # Get current AWS identity and region CALLER_IDENTITY=$(aws sts get-caller-identity) CURRENT_REGION=$(aws configure get region 2>/dev/null || echo "us-east-1") echo "AWS CLI configured for:" echo "$CALLER_IDENTITY" echo "Current region: $CURRENT_REGION" echo "" return 0 } # Function to check if jq is available for JSON parsing check_json_tools() { if command -v jq &> /dev/null; then USE_JQ=true echo "jq is available for JSON parsing" else USE_JQ=false echo "jq is not available, using grep for JSON parsing" echo "Consider installing jq for better JSON handling: https://stedolan.github.io/jq/" fi } # Function to extract JSON values safely extract_json_value() { local json=$1 local key=$2 if [ "$USE_JQ" = "true" ]; then echo "$json" | jq -r ".ApplicationResponse.$key // empty" 2>/dev/null || echo "" else # Fallback to grep method with better validation echo "$json" | grep -o "\"$key\": \"[^\"]*" | cut -d'"' -f4 | head -n1 || echo "" fi } # Function to validate required IAM permissions validate_permissions() { echo "Validating IAM permissions..." # Test basic Pinpoint permissions if ! aws pinpoint get-apps > /dev/null 2>&1; then echo "WARNING: Unable to list Pinpoint applications." >&2 echo "Please ensure you have appropriate IAM permissions for Pinpoint operations." >&2 echo "Required permissions:" >&2 echo " - mobiletargeting:GetApps" >&2 echo " - mobiletargeting:CreateApp" >&2 echo " - mobiletargeting:DeleteApp" >&2 echo " - mobiletargeting:UpdateGcmChannel" >&2 echo " - mobiletargeting:UpdateApnsChannel" >&2 echo " - mobiletargeting:SendMessages" >&2 else echo "Basic Pinpoint permissions validated." fi } # Function to validate input parameters validate_input() { local app_name=$1 # Validate app name length and characters if [ ${#app_name} -gt 64 ]; then echo "ERROR: Application name exceeds maximum length of 64 characters" >&2 return 1 fi if ! [[ "$app_name" =~ ^[a-zA-Z0-9_-]+$ ]]; then echo "ERROR: Application name contains invalid characters" >&2 return 1 fi return 0 } # Function to create secure temporary files create_temp_file() { local temp_file temp_file=$(mktemp) || { echo "ERROR: Failed to create temporary file" >&2 return 1 } chmod 600 "$temp_file" TEMP_FILES+=("$temp_file") echo "$temp_file" } # Validate prerequisites if ! validate_aws_cli; then exit 1 fi check_json_tools validate_permissions # Generate a random suffix for resource names to avoid conflicts RANDOM_SUFFIX=$(LC_ALL=C tr -dc 'a-z0-9' < /dev/urandom | fold -w 8 | head -n1) APP_NAME="PushNotificationApp-${RANDOM_SUFFIX}" # Validate input if ! validate_input "$APP_NAME"; then exit 1 fi echo "Creating application with name: $APP_NAME" # Step 1: Create an application echo "Executing: aws pinpoint create-app --create-application-request Name=${APP_NAME}" CREATE_APP_OUTPUT=$(aws pinpoint create-app --create-application-request "Name=${APP_NAME}" 2>&1) if ! check_error "$CREATE_APP_OUTPUT" "create-app"; then exit 1 fi echo "Application created successfully:" echo "$CREATE_APP_OUTPUT" # Extract the application ID from the output APP_ID=$(extract_json_value "$CREATE_APP_OUTPUT" "Id") if [ -z "$APP_ID" ] || [ "$APP_ID" = "null" ]; then echo "ERROR: Failed to extract application ID from output" >&2 echo "Output was: $CREATE_APP_OUTPUT" >&2 exit 1 fi echo "Application ID: $APP_ID" AWS_RESOURCES+=("$APP_ID") # Step 2: Enable FCM (GCM) channel with a sample API key echo "" echo "===========================================" echo "ENABLING FCM (GCM) CHANNEL" echo "===========================================" echo "Note: This is using a placeholder API key for demonstration purposes only." echo "In a production environment, you should use your actual FCM API key from Firebase Console." echo "" echo "IMPORTANT: The following command will likely fail because we're using a placeholder API key." echo "This is expected behavior for this demonstration script." echo "Executing: aws pinpoint update-gcm-channel --application-id $APP_ID --gcm-channel-request ..." UPDATE_GCM_OUTPUT=$(aws pinpoint update-gcm-channel \ --application-id "$APP_ID" \ --gcm-channel-request '{"Enabled": true, "ApiKey": "sample-fcm-api-key-for-demo-only"}' 2>&1) # We'll ignore this specific error since we're using a placeholder API key if check_error "$UPDATE_GCM_OUTPUT" "update-gcm-channel" "true"; then echo "FCM channel enabled successfully:" echo "$UPDATE_GCM_OUTPUT" else echo "As expected, FCM channel update failed with the placeholder API key." echo "Error details: $UPDATE_GCM_OUTPUT" echo "" echo "To enable FCM in production:" echo "1. Go to Firebase Console (https://console.firebase.google.com/)" echo "2. Create or select your project" echo "3. Go to Project Settings > Cloud Messaging" echo "4. Copy the Server Key" echo "5. Replace 'sample-fcm-api-key-for-demo-only' with your actual Server Key" fi # Step 3: Try to enable APNS channel (this will also fail without real certificates) echo "" echo "===========================================" echo "ENABLING APNS CHANNEL (OPTIONAL)" echo "===========================================" echo "Attempting to enable APNS channel with placeholder certificate..." echo "This will also fail without real APNS certificates, which is expected." # Create a placeholder APNS configuration echo "Executing: aws pinpoint update-apns-channel --application-id $APP_ID --apns-channel-request ..." UPDATE_APNS_OUTPUT=$(aws pinpoint update-apns-channel \ --application-id "$APP_ID" \ --apns-channel-request '{"Enabled": true, "Certificate": "placeholder-certificate", "PrivateKey": "placeholder-private-key"}' 2>&1) if check_error "$UPDATE_APNS_OUTPUT" "update-apns-channel" "true"; then echo "APNS channel enabled successfully:" echo "$UPDATE_APNS_OUTPUT" else echo "As expected, APNS channel update failed with placeholder certificates." echo "Error details: $UPDATE_APNS_OUTPUT" echo "" echo "To enable APNS in production:" echo "1. Generate APNS certificates from Apple Developer Console" echo "2. Convert certificates to PEM format" echo "3. Use the actual certificate and private key in the update-apns-channel command" fi # Step 4: Create message files for different platforms echo "" echo "===========================================" echo "CREATING MESSAGE FILES" echo "===========================================" # Create FCM message file securely GCM_MESSAGE_FILE=$(create_temp_file) echo "Creating FCM message file..." cat > "$GCM_MESSAGE_FILE" << 'EOF' { "Addresses": { "SAMPLE-DEVICE-TOKEN-FCM": { "ChannelType": "GCM" } }, "MessageConfiguration": { "GCMMessage": { "Action": "OPEN_APP", "Body": "Hello from AWS End User Messaging Push! This is an FCM notification.", "Priority": "normal", "SilentPush": false, "Title": "My First FCM Push Notification", "TimeToLive": 30, "Data": { "key1": "value1", "key2": "value2" } } } } EOF # Create APNS message file securely APNS_MESSAGE_FILE=$(create_temp_file) echo "Creating APNS message file..." cat > "$APNS_MESSAGE_FILE" << 'EOF' { "Addresses": { "SAMPLE-DEVICE-TOKEN-APNS": { "ChannelType": "APNS" } }, "MessageConfiguration": { "APNSMessage": { "Action": "OPEN_APP", "Body": "Hello from AWS End User Messaging Push! This is an APNS notification.", "Priority": "normal", "SilentPush": false, "Title": "My First APNS Push Notification", "TimeToLive": 30, "Badge": 1, "Sound": "default" } } } EOF echo "Message files created:" echo "- FCM message file (for FCM/Android)" echo "- APNS message file (for APNS/iOS)" echo "" echo "Note: These messages use placeholder device tokens and will not actually be delivered." echo "To send real messages, you would need to replace the sample device tokens with actual ones." # Step 5: Demonstrate how to send messages (this will fail with placeholder tokens) echo "" echo "===========================================" echo "DEMONSTRATING MESSAGE SENDING" echo "===========================================" echo "Attempting to send FCM message (will fail with placeholder token)..." echo "Executing: aws pinpoint send-messages --application-id $APP_ID --message-request file://<gcm-message>" SEND_FCM_OUTPUT=$(aws pinpoint send-messages \ --application-id "$APP_ID" \ --message-request "file://$GCM_MESSAGE_FILE" 2>&1) if check_error "$SEND_FCM_OUTPUT" "send-messages (FCM)" "true"; then echo "FCM message sent successfully:" echo "$SEND_FCM_OUTPUT" else echo "As expected, FCM message sending failed with placeholder token." echo "Error details: $SEND_FCM_OUTPUT" fi echo "" echo "Attempting to send APNS message (will fail with placeholder token)..." echo "Executing: aws pinpoint send-messages --application-id $APP_ID --message-request file://<apns-message>" SEND_APNS_OUTPUT=$(aws pinpoint send-messages \ --application-id "$APP_ID" \ --message-request "file://$APNS_MESSAGE_FILE" 2>&1) if check_error "$SEND_APNS_OUTPUT" "send-messages (APNS)" "true"; then echo "APNS message sent successfully:" echo "$SEND_APNS_OUTPUT" else echo "As expected, APNS message sending failed with placeholder token." echo "Error details: $SEND_APNS_OUTPUT" fi # Step 6: Show application details echo "" echo "===========================================" echo "APPLICATION DETAILS" echo "===========================================" echo "Retrieving application details..." echo "Executing: aws pinpoint get-app --application-id $APP_ID" GET_APP_OUTPUT=$(aws pinpoint get-app --application-id "$APP_ID" 2>&1) if check_error "$GET_APP_OUTPUT" "get-app"; then echo "Application details:" echo "$GET_APP_OUTPUT" fi # Display summary of created resources echo "" echo "===========================================" echo "RESOURCES CREATED" echo "===========================================" echo "AWS Resources:" for resource in "${AWS_RESOURCES[@]+"${AWS_RESOURCES[@]}"}"; do echo "- Application: $resource" done echo "" echo "Files created:" echo "- $LOG_FILE (script log)" # Auto-cleanup information echo "" echo "===========================================" echo "CLEANUP INFORMATION" echo "===========================================" echo "This script created AWS resources that may incur charges." echo "AWS resources will be automatically cleaned up on script exit." echo "" echo "To manually delete resources later, use:" echo " aws pinpoint delete-app --application-id $APP_ID" # Set flag to delete AWS resources on cleanup DELETE_AWS_RESOURCES=true echo "" echo "===========================================" echo "SCRIPT COMPLETED SUCCESSFULLY" echo "===========================================" echo "This script demonstrated:" echo "1. Creating an AWS End User Messaging Push application" echo "2. Attempting to enable FCM and APNS channels (with placeholder credentials)" echo "3. Creating message templates for different platforms" echo "4. Demonstrating message sending commands (with placeholder tokens)" echo "5. Retrieving application details" echo "6. Proper cleanup of resources" echo "" echo "Security best practices implemented:" echo "- Secure temporary file handling with restricted permissions" echo "- Input validation for application names" echo "- Error handling with proper exit codes" echo "- Credential validation before AWS operations" echo "- Automatic cleanup on script exit" echo "- Secure file destruction for sensitive data" echo "" echo "For production use:" echo "- Replace placeholder API keys with real FCM server keys" echo "- Replace placeholder certificates with real APNS certificates" echo "- Replace placeholder device tokens with real device tokens" echo "- Use AWS IAM roles instead of long-term credentials" echo "- Implement comprehensive error handling" echo "- Store sensitive credentials in AWS Secrets Manager or Parameter Store" echo "- Enable CloudTrail for audit logging" echo "- Use VPC endpoints for private AWS API access" echo "" echo "Log file: $LOG_FILE" echo "Script completed at: $(date)"-
For API details, see the following topics in AWS CLI Command Reference.
-
