Using DynamoDB and Web Identity Federation
Using DynamoDB and Web Identity Federation
Let's take a look at using DynamoDB and web identity federation. Also, explore the DynamoDB configurations.
Join the DZone community and get the full member experience.
Join For FreeCompliant Database DevOps: Deliver software faster while keeping your data safe. This new whitepaper guides you through 4 key ways Database DevOps supports your data protection strategy. Read free now
Scenario
Let’s say you are developing a game application or any other web application on AWS public cloud platform that uses DynamoDB for storing all application related data. Now, if your application is expected to have thousands of users, then it will not be viable for you to create IAM user and then provide these users access to the tables in Dynamo DB for storing application related data, like their score in case of a game or shopping cart etc. The solution to this scenario is to use Web Identity Federation, which will leverage user’s existing accounts on Google, Facebook or any other identity provider, to provide temporary access to the Dynamo DB data.
Let’s look into an example of how to make configurations for this.
DynamoDB Configurations
Create a DynamoDB table and call it "Score."
- Create Partition key and a Sort key. Complete creation of the table.
- Go to "Access control" and select ‘Facebook’ as the identity provider or any other as per your requirement.
- Select the "Actions" that you want to allow your users to perform.
- Select the "Attributes" that you want your users to have access to.
- Select Create policy and copy the code generated in the policy panel. See the snapshot below.
IAM Configurations
- Go to IAM console and select “Create Policy." Under the JSON tab, paste the code that you copied in step 6 of above section i.e. DynamoDB Configurations. Move to the next page.
- Give the policy a name, for example, ‘DynamoDB-Policy’ and complete the policy creation process.
- Now, create a new role.
- Select Web Identity as the Trusted Identity of your role.
- Select "Facebook" as the Identity Provider and enter the applications ID that you retrieved from your Facebook development account.
- Go to "Next: Permissions" screen and search for the policy you just created. Type in your policy name, for example, "DynamoDB-Policy," in this case, and select it and move to the next step.
- Provide the role a name and description.
Conclusion
One this setup is in place, you can start developing your application that uses social media identity providers like Facebook in this example to authenticate and authorize your users. You also have the option to use Amazon Cognito that is the best fit for quickly and easily managing your users coming through third party identity providers.
Read this new Compliant Database DevOps whitepaper now and see how Database DevOps complements data privacy and protection without sacrificing development efficiency. Download free.
Like This Article? Read More From DZone
Opinions expressed by DZone contributors are their own.
{{ parent.title || parent.header.title}}
{{ parent.tldr }}
{{ parent.linkDescription }}
{{ parent.urlSource.name }}