I'm building a Python based desktop application to work with some AWS services. The application has a front-end built with the kivy framework and AWS boto3 being the primary tool in the back-end. So my aim is to access services such as AWS IoT & DynamoDB using this application.
The question is, according to AWS standards, we've three modes of authentication for boto3 to access AWS servers.
1. X.509 certificates
2. IAM Authentication
3. Cognito Identities
X.509 certificates are mostly preferred for embedded devices and not in applications.
That leaves me with 2 options, either IAM or Cognito.
I'm not convinced with the idea of hard coding credentials into our code.
In such a case which one of these is a better way of authentication and why?
Do we really have a problem if we hard-code IAM credentials in our application code?