How should a database specialist implement access control with the LEAST operational effort?
Use web identity federation on the mobile app and AWS STS with an attached IAM role to get temporary credentials to access DynamoDB.
Use web identity federation on the mobile app and create individual IAM users with credentials to access DynamoDB.
Use a self-developed user management system on the mobile app that lets users access the data from DynamoDB through an API.
Use a single IAM user on the mobile app to access DynamoDB.
Explanations:
With web identity federation, the app exchanges a user's existing Facebook or Amazon sign-in for temporary credentials from AWS STS, tied to the attached IAM role, and uses them to access DynamoDB. No per-user accounts need to be managed, which reduces operational effort.
Creating individual IAM users for each app user would require significant operational effort for managing users, making it inefficient for a large user base.
A self-developed user management system introduces additional complexity, requiring maintenance and management overhead that increases operational effort.
Using a single IAM user to access DynamoDB poses a security risk: the credentials would be shared among all users and could not be controlled individually or limited by session length.