Amazon Web Services: RDS + Web Service vs DynamoDB API for Mobile App. What's Easiest/Best for Security?

0 votes

I'm building a mobile app that needs a backend that I've chosen to host using Amazon Web Services.

Their mobile SDKs provide APIs to work directly with the DynamoDB (making my app a thick client), including user authentication/authorization with their IAM service (which is what I'm going to use to track users). This makes it easy to say "user X wants their information. Here's their temporary access key. Oh, here's the information you requested."

However, if I used RDS as a backend database, I'd have to create web services (in PHP or Java/etc) that my app can talk to. Then I'd also have to implement the authentication/authorization myself within my web service (which I feel could get very messy). I'd also have to host the web service on an EC2 instance, as well as having the RDS instance. So my costs would increase.

The latter seems like it would be a lot of work, something which I could avoid by using DynamoDB (and its API) as my backend.

Am I correct in my reasoning here? Or is there an easy way to authenticate/authorize a PHP web service with an AWS RDS database?

I ask because I've only ever worked with relational databases before, so there would be a learning curve to get the NoSQL db running. Though hypothetically my plan is to eventually switch to a NoSQL db at some point in the future anyways due to my apps increasing demands.

Aug 27, 2018 in AWS by bug_seeker
• 15,300 points
39 views

1 answer to this question.

Your answer

Your name to display (optional):
Privacy: Your email address will only be used for sending these notifications.
0 votes

There is no solution to use IAM directly with RDS because of the unavailability of fine-grained access control over RDS tables. Moreover IAM policies cannot be enforced dynamically (i.e. with an Identity Pool). RDS is an unmanaged service, so it is not provided as a SaaS endpoint. DynamoDB is a REST service presented as a distributed key-value store and exposes endpoints to clients (AWS SDK is just a wrapper around them).

DynamoDB is born as a distributed service and can guarantee fine-grained control over data access, thus allowing concurrent access.

answered Aug 27, 2018 by Priyaj
• 56,140 points

Related Questions In AWS

+1 vote
1 answer
0 votes
1 answer

Amazon AWS - simple email service for Sydney region

SES is just an authenticated endpoint on ...READ MORE

answered Jul 20, 2018 in AWS by Priyaj
• 56,140 points
40 views
0 votes
1 answer
0 votes
1 answer

Explain how the buffer is used in Amazon web services?

In order to make system more efficient ...READ MORE

answered Jul 31, 2018 in AWS by Priyaj
• 56,140 points
76 views
+1 vote
2 answers
0 votes
1 answer
0 votes
1 answer

Custom authorizer vs Cognito - authentication for amazon api gateway - Web application

okay, authentication and security is indeed hard ...READ MORE

answered Sep 24, 2018 in AWS by Priyaj
• 56,140 points
479 views
+1 vote
1 answer

© 2018 Brain4ce Education Solutions Pvt. Ltd. All rights Reserved.
"PMP®","PMI®", "PMI-ACP®" and "PMBOK®" are registered marks of the Project Management Institute, Inc. MongoDB®, Mongo and the leaf logo are the registered trademarks of MongoDB, Inc.