How should a database specialist implement access control with the LEAST operational effort?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A gaming company is developing a new mobile game and decides to store the data for each user in Amazon DynamoDB.To make the registration process as easy as possible, users can log in with their existing Facebook or Amazon accounts.The company expects more than 10,000 users.

How should a database specialist implement access control with the LEAST operational effort?

Use web identity federation on the mobile app and AWS STS with an attached IAM role to get temporary credentials to access DynamoDB.

Use web identity federation on the mobile app and create individual IAM users with credentials to access DynamoDB.

Use a self-developed user management system on the mobile app that lets users access the data from DynamoDB through an API.

Use a single IAM user on the mobile app to access DynamoDB.

Explanations:

Web identity federation with AWS STS provides a way for the app to use existing Facebook or Amazon credentials for temporary access to DynamoDB, reducing operational effort.

Creating individual IAM users for each app user would require significant operational effort for managing users, making it inefficient for a large user base.

A self-developed user management system introduces additional complexity, requiring maintenance and management overhead that increases operational effort.

Using a single IAM user to access DynamoDB poses a security risk, as credentials would be shared among all users and cannot be controlled individually or limited by session length.

2025-10-05

1 Comment

  1. Thomas
    Author

    As I understand it, the answer is:
    Use web identity federation on the mobile app and AWS STS with an attached IAM role to get temporary credentials to access DynamoDB.

Leave a Reply

Your email address will not be published. Required fields are marked *

thirteen − eight =