I am sure that by now you have started thinking about developing an app that uses DynamoDB as its backend database. But wait! There is one small problem: mobile application code is always deployed on each app user's device. This means that if the app needs to access AWS resources, we would also have to ship the security credentials with every copy of the app, which is not a good thing to do from a security point of view. Encrypting the credentials would help reduce the risk, but it would not make the app completely secure, because with some effort, hackers could still get hold of the encrypted credentials.
Also, considering that the app would eventually have a huge number of users, we cannot create a separate IAM user account for each of them. So even this would not help us. What can be done in this case? We have two options:
Use web identity federation
Create your own custom authentication
Let's try to understand the process in detail.