You can use Amazon's IAM Web Identity Federation and grant access to resources only for users that have signed in with Google, Facebook etc. with approved user identifiers.
So basically, instead of embedding the AWS access keys in HTML, you use AWS.config.credentials = new AWS.WebIdentityCredentials(...) with the OAuth access tokens you get from Google or Facebook.
For S3, which permits IAM authorisation, there's AWS Cognito as a role-based token vending machine.
For RDS, I suspect DocSavage is likely to soon learn that browsers don't speak RDBMS wire protocols; they'll need a CRUD wrapper at least. The canonical AWS "serverless" solution would be API Gateway + Lambda.
It just happened :/ I actually was planning on DynamoDB until an architect at AWS Loft convinced me last Friday that RDS was easier for my modeling. Won't work, though, if only RDS management is exposed through the Javascript and not the actual RDBMS wire protocols. Back to DynamoDB.
http://docs.aws.amazon.com/AWSJavaScriptSDK/guide/browser-co...
So basically, instead of embedding the AWS access keys in HTML, you use AWS.config.credentials = new AWS.WebIdentityCredentials(...) with the OAuth access tokens you get from Google or Facebook.