NoSQL Database - AWS Mobile Hub

On October 30, 2021, AWS Amplify will replace AWS Mobile Hub. For more information, see Migrating to Amplify.

NoSQL Database

Looking for the AWS SDKs for iOS and Android? These SDKs and their docs are now part of AWS Amplify.

The content on this page applies only to apps that were configured using AWS Mobile Hub or awsmobile CLI. For existing apps that use AWS Mobile SDK prior to v2.8.0, we highly recommend you migrate your app to use AWS Amplify and the latest SDK.

Choose the Mobile Hub NoSQL Database mobile backend feature to:

  • Add easy to develop database capabilities with scalable performance and cost

Create a free Mobile Hub project and add the NoSQL DB feature in minutes.

Feature Details

The following image shows the typical connection between a mobile app and Amazon DynamoDB using the NoSQL pattern.

The NoSQL Database feature uses Amazon DynamoDB to enable you to create database tables that can store and retrieve data for use by your apps.

NoSQL databases are widely recognized as the method of choice for many mobile backend solutions due to their ease of development, scalable performance, high availability, and resilience. For more information, see From SQL to NoSQL in the Amazon DynamoDB Developer Guide.

NoSQL Database At a Glance

AWS services and resources configured

Mobile Hub-enabled features use Amazon Cognito for authentication and IAM for authorization. For more information, see User Sign-in. For more information, see Viewing AWS Resources Provisioned for this Feature.

Configuration options

This feature enables the following mobile app backend capabilities:

Configuring Your Tables - Using custom schema, based on a sample schema provided, or by using a wizard that guides you through choices while creating a table.

Data Permissions - Access to your app’s data can be:

  • Public (enables any mobile app user to read or write any item in the table).

  • Protected (enables any mobile app user to read any item in the table but only the owner of an item can update or delete it).

  • Private (enables only the owner of an item to read and write to a table) For more information, see Configuring the NoSQL Database Feature.

For more information, see Configuring the NoSQL Database Feature.

Quickstart app demos

This feature adds the following to a quickstart app generated by Mobile Hub:

  • Insert and remove sample data, based on the schema you specify in the console.

  • Perform and see the results of NoSQL operations on tables including Get, Scan, and all the example queries displayed by the console as you make design selections.

Configuring the NoSQL Database Feature

This section describes steps and options for configuring NoSQL Database features in Mobile Hub.

To add the NoSQL Database feature to your |AMH| project

  1. Choose Enable NoSQL.

  2. Choose Add a new table.

  3. Choose the initial schema for the table. You can use a provided example schema, or generate a schema through the wizard.

Example Table Schemas

AWS Mobile Hub provides a set of example table schemas for typical mobile apps. If you create a table using one of the example schema templates, the table initially has a set of attributes specific to each example. You can choose one of these templates as the starting schema for your table:

  • News, which stores author, title, article content, keywords, and other attributes of news articles.

  • Locations, which stores names, latitude, and longitude of geographic locations.

  • Notes, which stores private notes for each user.

  • Ratings, which stores user ratings for a catalog of items.

  • Graffiti Wall, which stores shared drawing items.

To add a table using one of the example schema templates in your |AMH| project

  1. Choose the example template to use for the initial schema of the table.

  2. Type a new name in Table name to rename the table if you wish. Each template gives the table a default name matching the name of the template.

  3. Choose Public, Protected, or Private permissions to grant to the mobile app users for the table. For more information, see Data Permissions.

  4. (Optional) Under What attributes do you want on this table?, you can add, rename, or delete table attributes.

  5. (Optional) Choose Add index to add name, partition key, and (optionally) sort key for a secondary index for your table.

  6. Choose Create table.

Configuring Your Tables

This section describes options for configuring DynamoDB NoSQL tables for your app.

NoSQL Table Terminology

Similar to other database management systems, DynamoDB stores data in tables. A table is a collection of data with the following elements.


  • Each table contains multiple items. An item is a group of attributes that is uniquely identifiable among all of the other items. Items are similar to rows, records, or tuples in relational database systems.


  • Attributes are the columns in a DynamoDB table. The rows of the table are the individual records you add, update, read, or delete as necessary for your app.

    The table schema provides a set of initial attributes based on the needs of each example. You can remove any of these attributes by choosing Remove. If you remove the partition key attribute, then you must designate another attribute as the partition key for the primary index of the table.

    You can choose Add attribute to add a blank attribute to the table. Give the attribute a name, choose the type of data it will store, and choose whether the new attribute is the partition key or the sort key.


  • Each table has a built-in primary index, which has a partition key and may also have a sort key. This index allows specific types of queries. You can see the types of queries the table can perform by expanding the Queries this table can perform section. To enable queries using other attributes, create additional secondary indexes. Secondary indexes enable you to access data using a different partition key and optional sort key from those on the primary index.

Data Permissions

Best practice for data security is to allow the minimum access to your tables that will support your app design. Mobile Hub provides two methods to protect your data: user authentication using the User Sign-in feature; and NoSQL Database data table user permissions.

Note: When NoSQL Database is enabled your app communicates directly with the DynamoDB service. If you do not make the User Sign-in feature Required then, where not blocked by table user permissions, unauthenticated users will have access to read and/or write data.

Grant Permissions Only to Authenticated Users

Unless users who have not signed-in need to read or write data in a table in your app, scope down access by requiring users to sign in (authenticate) before they are allowed to use app features that perform database operations. The AWS Mobile Hub User Sign-in feature offers a range of methods for authenticating users that includes: federating with a sign-in provider like Facebook, Google, Active Directory, or your existing custom service. In a few clicks, you can also create your own sign-in provider backed by AWS services.

To add User Sign-in to your app, use the Configure more features button on a feature configuration page, or the Configure icon on the left. Then choose and enable User Sign-in.

Grant Permissions to Table Data Items Per User

When you create a new table in NoSQL Database, you choose between Public, Private, or Protected options, to determine which app users can read or write the table’s data. Mobile Hub attaches a fine-grained access control policy to the table, that can restrict the operations available to a user based on whether or not they are the creator of data being accessed.


  • Public permissions allow all users to read or update all items (data rows) in the table.


  • Protected permissions allow all users to read all items in the table, but only the owner of an item can update or delete that item.


  • Private permissions allow only the owner of an item to read or write to it.


Users own a data item if their Amazon Cognito identity ID matches the value of the item’s primary key.

If you choose Protected or Private permissions for a table, then the partition key of the table must be userId, and be of type string. Secondary indexes for protected or private tables follow the same pattern as primary indexes.

When a user creates an item in a protected or private table, AWS populates the value of the item’s primary key with that user’s Amazon Cognito identity ID.

Enforcement happens when a data operation is attempted on a protected or private item. IAM will check if the item’s userId matches the current user’s Amazon Cognito identity ID, and allow or prevent the operation based on the policy attached to the table.

When you choose Public, permissions for a table there is no ownership enforcement. There are no restrictions on name or data type of the primary key and secondary index primary keys of a public table.

Managing Permissions to Restricted Items for Multiple Writers

After Mobile Hub provisions access restrictions for your tables with Protected or Private permissions, IAM ensures that only the mobile app user whose action creates an item in the table will be able to write to the attribute values of that item. To design your schema for the case where multiple users need to write data to an existing item, one strategy is to structure your schema in a way that users write to different tables. In this design, the app queries both tables to join data.

For example, customers may create orders in an orders table and delivery service drivers may write delivery tracking information to a deliveries table, where both tables have secondary indexes that allow fast lookup based on orderId or customerId.

Retrieving Data

The operations you can use to retrieve data from your NoSQL database include the following:

  • Get, which retrieves a single item from the table based on matching the primary key.

  • Query, which finds items in a table or a secondary index using only primary key attribute values.

  • Scan, which reads every item in a table or secondary index. By default, a Scan operation returns all of the data attributes for every item in the table or index. You can use Scan to return only some attributes, rather than all of them.

  • Query with Filter`s, which performs a :code:`Query but returns results that are filtered based on a filter expression you create.

  • Scan with Filters, which performs a Scan but returns results that are filtered based on a filter expression you create.

For more information, see Query and Scan Operations in DynamoDB.

Viewing AWS Resources Provisioned for this Feature

The following image shows the Mobile HubResources pane displaying the AWS elements typically provisioned for the NoSQL Database feature:

Quickstart App Details

In the Mobile Hub quickstart app, the NoSQL Database demo shows a list of all tables created during app configuration. Selecting a table shows a list of all queries that are available for that table, based on the choices made regarding its primary indexes, secondary indexes, and sort keys. Tables that you make using the example templates enable an app user to insert and remove sample data from within the app.