[morpheuskafka]

The key is that DynamoDB is just any old web service as far as you code is concerned. Everyone uses the same public endpoint, same domain name, same API, authenticate with IAM. You can also integrate it by using DynamoDB Streams as a trigger for Lambda functions which is of course a purpose-built feature. There is DynamoDB Accelerator (DAX) which is a cacher running in EC2 that runs as a normal VM with an EIP.

TL;DR: RDS and this new DocumentDB are essentially AWS managing your database VMs in EC2. Advantage is drop in compat with regular apps expecting to reach a local server, because it is local to your VPC and uses normal ports. Can make them public accessible via VPC firewall, but less secure that way. DynamoDB was designed from the ground up as an HTTPS API and that's the only way its accessed.