AdministratorMay 1, 2020 at 8:42 am
The provided answer is:
Setup a table in DynamoDB containing an item for each user having the necessary attributes to hold the user preferences. The mobile app will query the user preferences directly from the table. Use STS, Web Identity Federation, and DynamoDB’s Fine Grained Access Control for authentication and authorization.
The S3 option that you are referring to says:
Have the user preference data stored in S3, and set up a DynamoDB table with an item for each user and an item attribute referencing the user’s S3 object. The mobile app will retrieve the S3 URL from DynamoDB and then access the S3 object directly utilizing STS, Web identity Federation, and S3 ACLs.
The S3 option is a cumbersome solution as it stores the preference data to S3 that needs to be accessed via DynamoDB first. A more direct solution is to just directly store the data in DynamoDB table. Fetching user data from an S3 URL is quite a bad design since Amazon S3 is primarily used to store static data, and not for storing dynamic data like user preferences.
This option doesn’t use the built-in Fine-Grained Access Control in DynamoDB for authentication and authorization. Take note that it mentions the user of S3 ACLs which are not warranted in this scenario: