In this demo we will create a TriviaScores table for an application that needs to support thousands of users. We need to ensure that each user can access only their own data in the TriviaScores table. Many users already have accounts with a third-party identity provider, such as Facebook, Google, or Login with Amazon, so it makes sense to rely on one of these providers for authentication.
So how are we going to do this with web identity federation?
We will register the app with an identity provider (such as Login with Amazon) and obtain a unique app ID. Next, we will create an IAM role, TriviaRole. The role must have an IAM policy document attached to it that specifies the conditions under which the app can access the TriviaScores table.
When a user wants to play a trivia game, she signs in to her Login with Amazon account from within the gaming app. The app then calls AWS Security Token Service (AWS STS), providing the Login with Amazon app ID and requesting membership in TriviaRole. AWS STS returns temporary AWS credentials to the app, which allow it to access the TriviaScores table subject to the TriviaRole policy document.
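As an added example (not part of the original demo), here are the two policy documents TriviaRole needs for this flow, plus a simplified evaluator that shows why the `dynamodb:LeadingKeys` condition keeps each user inside their own rows. The table ARN and app ID are constructed placeholders; the evaluator is a teaching stand-in for the IAM policy engine, not the real thing.

```python
import json

# Constructed placeholders for this example; substitute your own account values.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/TriviaScores"
APP_ID = "amzn1.application.EXAMPLE-APP-ID"

def trust_policy(app_id):
    """Who may assume TriviaRole: only Login with Amazon tokens issued for our app ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": "www.amazon.com"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {"StringEquals": {"www.amazon.com:app_id": app_id}},
        }],
    }

def permissions_policy(table_arn):
    """What TriviaRole may do: only items whose partition key equals the caller's user ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
            "Resource": table_arn,
            "Condition": {
                "ForAllValues:StringEquals": {
                    "dynamodb:LeadingKeys": ["${www.amazon.com:user_id}"]
                }
            },
        }],
    }

def is_allowed(policy, action, user_id, leading_keys):
    """Simplified evaluator (not IAM): substitute the web identity variable, then
    require every partition key in the request to match. Note: real IAM treats
    ForAllValues as satisfied when the request carries no keys at all; this
    stand-in deliberately denies an empty key set."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        allowed = stmt["Condition"]["ForAllValues:StringEquals"]["dynamodb:LeadingKeys"]
        allowed = {k.replace("${www.amazon.com:user_id}", user_id) for k in allowed}
        if leading_keys and all(k in allowed for k in leading_keys):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(trust_policy(APP_ID), indent=2))
    print(json.dumps(permissions_policy(TABLE_ARN), indent=2))
```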