AWS Certified Database – Specialty — Question 82

A gaming company is developing a new mobile game and decides to store the data for each user in Amazon DynamoDB. To make the registration process as easy as possible, users can log in with their existing Facebook or Amazon accounts. The company expects more than 10,000 users.
How should a database specialist implement access control with the LEAST operational effort?

Answer options

• A. Use web identity federation on the mobile app and AWS STS with an attached IAM role to get temporary credentials to access DynamoDB.
• B. Use web identity federation on the mobile app and create individual IAM users with credentials to access DynamoDB.
• C. Use a self-developed user management system on the mobile app that lets users access the data from DynamoDB through an API.
• D. Use a single IAM user on the mobile app to access DynamoDB.

Correct answer: A

Explanation

The correct answer is A, as using web identity federation with AWS STS allows for temporary credentials without the need to manage individual IAM users, reducing operational effort. Option B requires creating and maintaining numerous IAM users, which increases management overhead. Option C involves developing a custom solution, which is more complex and labor-intensive. Option D is not secure or scalable, as a single IAM user can lead to security risks and does not accommodate many users effectively.