Which solution below is the most secure?
Embed AWS access credentials into the application and create DynamoDB queries that limit user access.
Use Amazon Cognito identity pools to assign unique identifiers and provide user access.
Modify the DynamoDB table to allow public read and writes, then add client-side filtering.
Create a web portal for users to create an account on AWS Directory Service.
Explanations:
Embedding AWS access credentials directly into the application is insecure as it exposes credentials to end users, potentially allowing unauthorized access to the DynamoDB table.
Using Amazon Cognito identity pools allows the app to authenticate users securely and provides temporary credentials, ensuring that users can only access their own data in DynamoDB.
Allowing public read and writes to the DynamoDB table and relying on client-side filtering exposes the data to potential unauthorized access and manipulation, which is a security risk.
A web portal for user registration with AWS Directory Service does not directly address the security of data access to DynamoDB and introduces unnecessary complexity.