Amazon Web Services RDS Web Service vs DynamoDB API for Mobile App What s Easiest Best for Security

0 votes

I'm building a mobile app that needs a backend that I've chosen to host using Amazon Web Services.

Their mobile SDKs provide APIs to work directly with the DynamoDB (making my app a thick client), including user authentication/authorization with their IAM service (which is what I'm going to use to track users). This makes it easy to say "user X wants their information. Here's their temporary access key. Oh, here's the information you requested."

However, if I used RDS as a backend database, I'd have to create web services (in PHP or Java/etc) that my app can talk to. Then I'd also have to implement the authentication/authorization myself within my web service (which I feel could get very messy). I'd also have to host the web service on an EC2 instance, as well as having the RDS instance. So my costs would increase.

The latter seems like it would be a lot of work, something which I could avoid by using DynamoDB (and its API) as my backend.

Am I correct in my reasoning here? Or is there an easy way to authenticate/authorize a PHP web service with an AWS RDS database?

I ask because I've only ever worked with relational databases before, so there would be a learning curve to get the NoSQL db running. Though hypothetically my plan is to eventually switch to a NoSQL db at some point in the future anyways due to my apps increasing demands.

Aug 27, 2018 in AWS by bug_seeker
• 15,520 points
743 views

1 answer to this question.

0 votes

There is no solution to use IAM directly with RDS because of the unavailability of fine-grained access control over RDS tables. Moreover IAM policies cannot be enforced dynamically (i.e. with an Identity Pool). RDS is an unmanaged service, so it is not provided as a SaaS endpoint. DynamoDB is a REST service presented as a distributed key-value store and exposes endpoints to clients (AWS SDK is just a wrapper around them).

DynamoDB is born as a distributed service and can guarantee fine-grained control over data access, thus allowing concurrent access.

answered Aug 27, 2018 by Priyaj
• 58,090 points

Related Questions In AWS

0 votes
1 answer

Amazon Web Services: Delete item on DynamoDB Database from Lambda Function

Omitting the Lambda boilerplate      var tablename= "Users" dynamodb.deleteItem({ "TableName": tableName "Key": ...READ MORE

answered Feb 16, 2022 in AWS by anonymous
743 views
0 votes
0 answers

How do I get elements out of a AWS DynamoDB for a simple web app?

Feb 28, 2022 in AWS by Rahul
• 2,080 points
321 views
+1 vote
1 answer
0 votes
1 answer

Amazon AWS - simple email service for Sydney region

SES is just an authenticated endpoint on ...READ MORE

answered Jul 20, 2018 in AWS by Priyaj
• 58,090 points
520 views
+1 vote
2 answers
0 votes
1 answer
0 votes
1 answer
0 votes
1 answer

Custom authorizer vs Cognito - authentication for amazon api gateway - Web application

okay, authentication and security is indeed hard ...READ MORE

answered Sep 24, 2018 in AWS by Priyaj
• 58,090 points
2,927 views
+2 votes
1 answer
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP