What is the best approach for storing data to DynamoDB and S3?
Use an EC2 Instance that is launched with an EC2 role providing access to the Score Data DynamoDB table and the GameState S3 bucket that communicates with the mobile app via web services.
Use temporary security credentials that assume a role providing access to the Score Data DynamoDB table and the Game State S3 bucket using web identity federation.
Use Login with Amazon allowing users to sign in with an Amazon account providing the mobile app with access to the Score Data DynamoDB table and the Game State S3 bucket.
Use an IAM user with access credentials assigned a role providing access to the Score Data DynamoDB table and the Game State S3 bucket for distribution with the mobile app.
Explanations:
Using an EC2 instance requires additional infrastructure management and may introduce latency. It complicates the architecture by needing a web service layer, which is unnecessary for direct access to AWS services from the mobile app.
Using temporary security credentials with web identity federation allows the mobile app to authenticate users via their social media accounts and directly access DynamoDB and S3 resources without needing to manage long-term AWS credentials. This is a secure and efficient approach.
While Login with Amazon is a valid authentication method, it does not inherently provide access to DynamoDB and S3. This option doesn’t address how to securely manage and use AWS resources from the mobile app directly.
Distributing an IAM user's access credentials with the mobile app is insecure. It exposes static credentials in the mobile app, increasing the risk of unauthorized access to AWS resources. Temporary credentials are recommended instead.