---
title: Step 3. Configure Push notifications in AWS
description: In this step, you use the service account and key created in the previous steps to set up Amazon Simple Notification Service (SNS) to be able to route push notification messages to Android and iOS devices.
component: sdks
version: latest
page_id: sdks:authenticator-module:use-cases/push_notifications/03_configure_push_in_aws
canonical_url: https://docs.pingidentity.com/sdks/latest/authenticator-module/use-cases/push_notifications/03_configure_push_in_aws.html
revdate: Tue, 8 Nov 2022 16:17:48 +0000
section_ids:
  gcm-arn: Set up AWS for Android push notifications
  apns-arn: Set up AWS for iOS push notifications
  create_a_service_account_with_access_to_the_arn_endpoints: Create a service account with access to the ARN endpoints
  sns_access_token: Create an access token for the service account
---

# Step 3. Configure Push notifications in AWS

In this step, you use the service account and key created in the previous steps to set up [Amazon Simple Notification Service (SNS)](https://aws.amazon.com/sns/) to be able to route push notification messages to Android and iOS devices.

You also create a service account and associated access token to provide access to the service to your server.

## Set up AWS for Android push notifications

1. Log in to the AWS console: <https://console.aws.amazon.com/console/home>

2. In the search bar, enter `SNS`, and then select Simple Notification Service from the list of results.

   |   |                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------- |
   |   | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. |

3. In the left menu, navigate to **Mobile** [icon: angle-right, set=fa] **Push notifications**.

4. In the Platform applications panel, click Create platform application.

5. On the Create platform application page:

   1. In Application name, enter a name for the platform application.

      For example, `Android_Push_Messaging`.

   2. In Push notification platform, select Firebase Cloud Messaging (FCM).

      The page displays the Firebase Cloud Messaging Credentials section.

      1. In Authentication method, select Token.

         The page displays additional fields.

      2. In Service JSON, click Choose file, and navigate to the JSON file that you downloaded from Firebase when you [created a Firebase key](01_configure_push_for_android.html#create_firebase_key) previously.

   3. Click Create platform application.

      The page creates the application and displays the details pane:

      ![amazon sns arn android en](../../../_images/amazon-sns-arn-android-en.png)Figure 1. An Android platform application in AWS, showing the ARN.

6. Make a note of the ARN value. You need this value when you [Configure a server for push notifications](04_configure_push_in_forgerock.html).

## Set up AWS for iOS push notifications

1. Log in to the AWS console: <https://console.aws.amazon.com/console/home>

2. In the search bar, enter `SNS`, and then select Simple Notification Service from the list of results.

   |   |                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------- |
   |   | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. |

3. In the left menu, navigate to **Mobile** [icon: angle-right, set=fa] **Push notifications**.

4. In the Platform applications panel, click Create platform application.

5. On the Create platform application page:

   1. In Application name, enter a name for the platform application.

      For example, `iOS_Push_Messaging`.

   2. In Push notification platform, select Apple iOS/VoIP/MacOS.

      The page displays the Apple credentials section.

   3. In the Apple credentials section:

      1. In Push service, select iOS.

      2. In Authentication method, select Token.

         The page displays additional fields.

      3. In Signing key, click Choose file, and navigate to the `.p8` file that you downloaded from Apple when you [registered a new key for APNs](02_configure_push_for_ios.html#register_apns).

         After selecting the file, the page populates the Signing key text field with the private key from the `.p8` file.

      4. In Signing key ID, enter the 10-digit ID of the key you created when you [registered a new key for APNs](02_configure_push_for_ios.html#register_apns).

         For example, `YUGX2BO820`.

      5. In Team ID, enter the ID of your team in the Apple Developer Program.

         |   |                                                                                                                                                       |
         | - | ----------------------------------------------------------------------------------------------------------------------------------------------------- |
         |   | You can view your Team ID on the [Membership details](https://developer.apple.com/account#MembershipDetailsCard) page in the Apple developer console. |

      6. In Bundle ID, enter the bundle ID of the iOS application you are adding push notifications to.

         For example, `com.forgerock.authenticator.sample`.

   4. Click Create platform application.

      The page creates the application and displays the details pane:

      ![amazon sns arn ios en](../../../_images/amazon-sns-arn-ios-en.png)Figure 2. An iOS platform application in AWS, showing the ARN.

6. Make a note of the ARN value. You need this value when you [Configure a server for push notifications](04_configure_push_in_forgerock.html).

## Create a service account with access to the ARN endpoints

1. Log in to the AWS console: <https://console.aws.amazon.com/console/home>

2. In the search bar, enter `IAM`, and then select IAM from the list of results.

   |   |                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------- |
   |   | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. |

3. In the left menu, navigate to **Access management** [icon: angle-right, set=fa] **Users**.

4. Click Create user.

5. In User name, enter a name for the user account that the access key will represent.

   For example, `sns_arn_user`.

6. Click Next.

7. In Permissions options, select Attach policies directly.

   The page displays additional fields.

8. In Permissions policies, in the search bar, enter `SNSFull`, and then select the checkbox next to `AmazonSNSFullAccess`.

   ![amazon sns arn user permissions en](../../../_images/amazon-sns-arn-user-permissions-en.png)Figure 3. Adding the SNS permission policy to a user in AWS IAM.

9. Click Next, review the details of the account, and then click Create user.

## Create an access token for the service account

1. Log in to the AWS console: <https://console.aws.amazon.com/console/home>

2. In the search bar, enter `IAM`, and then select IAM from the list of results.

   |   |                                                                                                   |
   | - | ------------------------------------------------------------------------------------------------- |
   |   | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. |

3. In the left menu, navigate to **Access management** [icon: angle-right, set=fa] **Users**, and then click the service account you created previously.

4. In the Summary pane, click Create access key.

5. On the Access key best practices & alternatives page:

   1. In Use case, select Third-party service

   2. Under Confirmation, select the I understand the above recommendation and want to proceed to create an access key checkbox.

   3. Click Next.

6. In Description tag value, enter the purpose of the access key.

   For example, `server access to SNS ARN endpoints`

7. Click Create access key.

8. Make a note of the provided values:

   1. Access Key ID.

      For example, `AKIAXOSPRCH15LEES`

   2. Secret access key.

      For example, `9eF7EcWMZzChI51BBHkLeElXk8R3XHv7/n7QSiwoUFJ`

   |   |                                                                                     |
   | - | ----------------------------------------------------------------------------------- |
   |   | Click Download .csv file to download a file containing the values for safe-keeping. |

9. Click Done.