Unable to add APNS certificate to Pinpoint

I have solved this. Pinpoint needs to be setup using the CLI and the web console in order to use APNS_SANDBOX and APNS channels. There is currently no way to set this up just using the console. This APNS_SANDBOX channel must exist in order to test push notifications from development builds. The APNS channel is only used for Test Flight and App Store deployments.

Create a universal (Sandbox & Production combined) APN certificate at developer.apple.com. Download the resulting certificate and import it into Keychain Access.

In the Pinpoint web console in Chrome, enable development tools and open the Network Activity tab.

Proceed to import the certificate into the Pinpoint app. This will enable the APNS (production) channel.

To enable the APNS_SANDBOX channel (development) you will need to call the AWS pinpoint CLI. In the Chrome developer tools network tab, it has captured the request from the previous import, including CERTIFICATE and PRIVATEKEY fields. These will be in the Request Payload section. Use those values to create a JSON file in the following format:

{
  "APNSSandboxChannelRequest": {
    "Certificate": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----\n",
    "PrivateKey": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----\n",
    "Enabled": true
  },
  "ApplicationId": "PINPOINT_APP_ID_FROM_CONSOLE"
}

Invoke the CLI command to create the APNS_SANDBOX channel in this app:

aws pinpoint update-apns-sandbox-channel --cli-input-json "file://path_to_JSON.json"

You will now have a Pinpoint app capable of sending on APNS and APNS_SANDBOX channels.

NOTE: the .entitlements file within the client project will specify a value of development for the APS Environment field. This is normal, and will be automatically changed to production when an archive is created for deployment to Test Flight or the App Store.

Edited by: Fook on Feb 21, 2020 9:54 AM