--- title: Step 2. Configuring AWS for Push notifications on iOS description: Explains how to configure Amazon Simple Notification Service (SNS) to send push notifications to iOS devices. component: orchsdks page_id: orchsdks:journey:use-cases/push/ios/02_configure_push_in_aws canonical_url: https://developer.pingidentity.com/orchsdks/journey/use-cases/push/ios/02_configure_push_in_aws.html revdate: Mon, 23 Mar 2026 16:18:00 +0100 keywords: ["Push", "MFA", "Strong Auth", "Integration", "SDK", "mobile", "authentication", "notification", "iOS", "APNs", "AWS", "SNS"] section_ids: apns-arn: Setting up AWS for iOS push notifications creating_a_service_account_with_access_to_the_arn_endpoints: Creating a service account with access to the ARN endpoints sns_access_token: Creating an access token for the AWS service account --- # Step 2. Configuring AWS for Push notifications on iOS [icon: circle-check, set=far]PingOne Advanced Identity Cloud [icon: circle-check, set=far]PingAM [icon: ios, set=fab]iOS In this step, you use the service account and key created in the previous steps to set up [Amazon Simple Notification Service (SNS)](https://aws.amazon.com/sns/) to be able to route push notification messages to iOS devices. You also create a service account and associated access token to provide access to the service to your server. ## Setting up AWS for iOS push notifications 1. Log in to the AWS console: 2. In the search bar, enter `SNS`, and then select Simple Notification Service from the list of results. | | | | - | ------------------------------------------------------------------------------------------------- | | | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. | 3. In the left menu, navigate to **Mobile** [icon: angle-right, set=fa] **Push notifications**. 4. In the Platform applications panel, click Create platform application. 5. On the Create platform application page: 1. In Application name, enter a name for the platform application. For example, `iOS_Push_Messaging`. 2. In Push notification platform, select Apple iOS/VoIP/MacOS. The page displays the Apple credentials section. 3. In the Apple credentials section: 1. In Push service, select iOS. 2. In Authentication method, select Token. The page displays additional fields. 3. In Signing key, click Choose file, and navigate to the `.p8` file that you downloaded from Apple when you [registered a new key for APNs](01_configure_push_for_ios.html#register_apns). After selecting the file, the page populates the Signing key text field with the private key from the `.p8` file. 1. In Signing key ID, enter the 10-character ID of the key you created when you [registered a new key for APNs](01_configure_push_for_ios.html#register_apns). For example, `YUGX2BO820`. 2. In Team ID, enter the ID of your team in the Apple Developer Program. | | | | - | ----------------------------------------------------------------------------------------------------------------------------------------------------- | | | You can view your Team ID on the [Membership details](https://developer.apple.com/account#MembershipDetailsCard) page in the Apple developer console. | 3. In Bundle ID, enter the bundle ID of the iOS application you are adding push notifications to. For example, `com.example.push`. 1. Click Create platform application. The page creates the application and displays the details pane: ![amazon sns arn ios en](../../../_images/push/amazon-sns-arn-ios-en.png)Figure 1. An iOS platform application in AWS, showing the ARN. 6. Make a note of the ARN value. You need this value in [Step 3. Configuring servers for push notifications](03_configure_push_in_forgerock.html). ## Creating a service account with access to the ARN endpoints 1. Log in to the AWS console: 2. In the search bar, enter `IAM`, and then select IAM from the list of results. | | | | - | ------------------------------------------------------------------------------------------------- | | | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. | 3. In the left menu, navigate to **Access management** [icon: angle-right, set=fa] **Users**. 4. Click Create user. 5. In User name, enter a name for the user account that the access key will represent. For example, `sns_arn_user`. 6. Click Next. 7. In Permissions options, select Attach policies directly. The page displays additional fields. 8. In Permissions policies, in the search bar, enter `SNSFull`, and then select the checkbox next to `AmazonSNSFullAccess`. ![amazon sns arn user permissions en](../../../_images/push/amazon-sns-arn-user-permissions-en.png)Figure 2. Adding the SNS permission policy to a user in AWS IAM. 9. Click Next, review the details of the account, and then click Create user. ## Creating an access token for the AWS service account 1. Log in to the AWS console: 2. In the search bar, enter `IAM`, and then select IAM from the list of results. | | | | - | ------------------------------------------------------------------------------------------------- | | | Click the star icon ([icon: star, set=far]) to pin the service to the toolbar in the AWS console. | 3. In the left menu, navigate to **Access management** [icon: angle-right, set=fa] **Users**, and then click the service account you created previously. 4. In the Summary pane, click Create access key. 5. On the Access key best practices & alternatives page: 1. In Use case, select Third-party service 2. Under Confirmation, select the I understand the above recommendation and want to proceed to create an access key checkbox. 3. Click Next. 6. In Description tag value, enter the purpose of the access key. For example, `server access to SNS ARN endpoints` 7. Click Create access key. 8. Make a note of the provided values: 1. Access Key ID. For example, `AKIAXOSPRCH15LEES` 2. Secret access key. For example, `9eF7EcWMZzChI51BBHkLeElXk8R3XHv7/n7QSiwoUFJ` | | | | - | ----------------------------------------------------------------------------------- | | | Click Download .csv file to download a file containing the values for safe-keeping. | 9. Click Done.