You have created a DynamoDB table for an application that needs to support thousands of users. You need to ensure that each user can only access their own data in a particular table. Many users already have accounts with a third-party identity provider, such as Facebook, Google, or Login with Amazon. How would you implement this requirement?

Answer options:

A.Create an IAM User for all users so that they can access the application.
B.Use Web identity federation and register your application with a third-party identity provider such as Google, Amazon, or Facebook.
C.Create an IAM role which has specific access to the DynamoDB table.
D.Use a third-party identity provider such as Google, Facebook or Amazon so users can become an AWS IAM User with access to the application.

Answer - B and C
The AWS Documentation mentions the following
With web identity federation, you don`t need to create custom sign-in code or manage your own user identities. Instead, users of your app can sign in using a well-known identity provider (IdP) —such as Login with Amazon, Facebook, Google, or any other OpenID Connect (OIDC)-compatible IdP, receive an authentication token, and then exchange that token for temporary security credentials in AWS that map to an IAM role with permissions to use the resources in your AWS account. Using an IdP helps you keep your AWS account secure, because you don`t have to embed and distribute long-term security credentials with your application.
For more information on Web Identity federation, please visit the below url
http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_oidc.html