AWS Certified Big Data - Specialty (#34)

An organization is designing a public web application and has a requirement that states all application users must be centrally authenticated before any operations are permitted. The organization will need to create a user table with fast data lookup for the application in which a user can read only his or her own data. All users already have an account with amazon.com. How can these requirements be met?

Create an Amazon RDS Aurora table, with Amazon_ID as the primary key. The application uses amazon.com web identity federation to get a token that is used to assume an IAM role from AWS STS. Use IAM database authentication by using the
rds:db-tag
IAM authentication policy and
GRANT
Amazon RDS row-level read permission per user.
Create an Amazon RDS Aurora table, with Amazon_ID as the primary key for each user. The application uses amazon.com web identity federation to get a token that is used to assume an IAM role. Use IAM database authentication by using
rds:db-tag
IAM authentication policy and
GRANT
Amazon RDS row-level read permission per user.
Create an Amazon DynamoDB table, with
Amazon_ID
as the partition key. The application uses amazon.com web identity federation to get a token that is used to assume an IAM role from AWS STS in the Role, use IAM condition context key
dynamodb:LeadingKeys
with IAM substitution variables
$ {www.amazon.com:user_id}
and allow the required DynamoDB API operations in IAM JSON policy
Action
element for reading the records.
Create an Amazon DynamoDB table, with
Amazon_ID
as the partition key. The application uses amazon.com web identity federation to assume an IAM role from AWS STS in the Role, use IAM condition context key
dynamodb:LeadingKeys
with IAM substitution variables
$ {www.amazon.com:user_id}
and allow the required DynamoDB API operations in IAM JSON policy
Action
element for reading the records.

Need help?