Amazon Web Services: RDS + Web Service vs DynamoDB API for Mobile App. What's Easiest/Best for Security?

Amazon Web Services: RDS + Web Service vs DynamoDB API for Mobile App.
What's Easiest/Best for Security?

I'm building a mobile app that needs a backend that I've chosen to host
using Amazon Web Services.
Their mobile SDKs provide APIs to work directly with the DynamoDB (making
my app a thick client), including user authentication/authorization with
their IAM service (which is what I'm going to use to track users). This
makes it easy to say "user X wants their information. Here's their
temporary access key. Oh, here's the information you requested."
However, if I used RDS as a backend database, I'd have to create web
services (in PHP or Java/etc) that my app can talk to. Then I'd also have
to implement the authentication/authorization myself within my web service
(which I feel could get very messy). I'd also have to host the web service
on an EC2 instance, as well as having the RDS instance. So my costs would
increase.
The latter seems like it would be a lot of work, something which I could
avoid by using DynamoDB (and its API) as my backend.
Am I correct in my reasoning here? Or is there an easy way to
authenticate/authorize a PHP web service with an AWS RDS database?
I ask because I've only ever worked with relational databases before, so
there would be a learning curve to get the NoSQL db running. Though
hypothetically my plan is to eventually switch to a NoSQL db at some point
in the future anyways due to my apps increasing demands.