Reputation: 178
I'm building a Java application which needs to access DynamoDB. The application is intended to be used by several end users (not all of them are trusted). From my understanding, in order to access the AWS service, the AWS credentials need to be loaded at runtime on the end users' machines via one of the several ways described at https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html
However, I don't feel it would be safe to hardcode the access key and token directly into the application code, as they could be easily exposed. Given that my end users don't have much of a technology background, I don't want to add too many "pre-setup" steps before they can use the application. What would be the best/feasible practice to distribute the credentials to them?
Thanks for all opinions.
Upvotes: 0
Views: 125
Reputation: 23823
You probably need to be looking at AWS Cognito.
An Amazon Cognito user pool and identity pool used together
See the diagram for a common Amazon Cognito scenario. Here the goal is to authenticate your user, and then grant your user access to another AWS service.
In the first step your app user signs in through a user pool and receives user pool tokens after a successful authentication.
Next, your app exchanges the user pool tokens for AWS credentials through an identity pool.
Finally, your app user can then use those AWS credentials to access other AWS services such as Amazon S3 or DynamoDB.
Upvotes: 1
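The three steps in the answer above, sketched with the AWS SDK for Java v1 as an added example (not code from the original answer). The region, pool IDs, app client ID and table name are placeholders, and it assumes the app client has no client secret and has the `USER_PASSWORD_AUTH` flow enabled.

```java
import com.amazonaws.auth.*;
import com.amazonaws.services.cognitoidentity.*;
import com.amazonaws.services.cognitoidentity.model.*;
import com.amazonaws.services.cognitoidentity.model.Credentials;
import com.amazonaws.services.cognitoidp.*;
import com.amazonaws.services.cognitoidp.model.*;
import com.amazonaws.services.dynamodbv2.*;
import java.util.*;

public class CognitoDynamoExample {
    // Placeholders (assumptions): none of these are secrets, so they can ship in the app.
    static final String REGION = "us-east-1";
    static final String USER_POOL_ID = "us-east-1_EXAMPLE";
    static final String APP_CLIENT_ID = "example-app-client-id";
    static final String IDENTITY_POOL_ID = "us-east-1:00000000-0000-0000-0000-000000000000";

    public static void main(String[] args) {
        // The Cognito sign-in and exchange calls are unsigned: no AWS key is stored in the app.
        AWSStaticCredentialsProvider anon = new AWSStaticCredentialsProvider(new AnonymousAWSCredentials());

        // Step 1: the user signs in through the user pool and receives user pool tokens.
        Map<String, String> params = new HashMap<>();
        params.put("USERNAME", args[0]);
        params.put("PASSWORD", new String(System.console().readPassword("Password: ")));
        AWSCognitoIdentityProvider idp = AWSCognitoIdentityProviderClientBuilder.standard()
                .withRegion(REGION).withCredentials(anon).build();
        InitiateAuthResult auth = idp.initiateAuth(new InitiateAuthRequest()
                .withAuthFlow(AuthFlowType.USER_PASSWORD_AUTH)
                .withClientId(APP_CLIENT_ID).withAuthParameters(params));
        if (auth.getAuthenticationResult() == null) { // e.g. MFA or forced password change
            throw new IllegalStateException("Challenge required: " + auth.getChallengeName());
        }
        String idToken = auth.getAuthenticationResult().getIdToken();

        // Step 2: exchange the ID token for temporary AWS credentials through the identity pool.
        Map<String, String> logins = Collections.singletonMap(
                "cognito-idp." + REGION + ".amazonaws.com/" + USER_POOL_ID, idToken);
        AmazonCognitoIdentity identity = AmazonCognitoIdentityClientBuilder.standard()
                .withRegion(REGION).withCredentials(anon).build();
        String identityId = identity.getId(new GetIdRequest()
                .withIdentityPoolId(IDENTITY_POOL_ID).withLogins(logins)).getIdentityId();
        Credentials c = identity.getCredentialsForIdentity(new GetCredentialsForIdentityRequest()
                .withIdentityId(identityId).withLogins(logins)).getCredentials();

        // Step 3: use the short-lived session credentials to call DynamoDB.
        AmazonDynamoDB ddb = AmazonDynamoDBClientBuilder.standard().withRegion(REGION)
                .withCredentials(new AWSStaticCredentialsProvider(new BasicSessionCredentials(
                        c.getAccessKeyId(), c.getSecretKey(), c.getSessionToken()))).build();
        System.out.println(ddb.describeTable("ExampleTable").getTable().getTableStatus());
    }
}
```

The IAM role attached to the identity pool's authenticated identities determines what these temporary credentials can do, so with untrusted users it should be scoped to the specific table and actions the application needs.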