Hi there,
As far as I can understand you want to encapsulate your data on dynamodb and expose it through the API in a controlled manner. I'm not sure about the granularity you require though. Is table level granularity enough or you want more than that? Consider that scenario; there're 3 tables under your database 1, tbl1, tbl2 and tbl3. You'll be able to allow client 1 to access only tbl2 and not the other 2. Is that granularity enough or do you want to be able to limit access at row level under each table, e.g allow client 1 to access rows 0-5(indice used for clarity this filter condition might be something else as well) under table 1?
No problem about the settings and client management. I would create a page behind a login where you can manage these aspects.
There're several additional points to consider like operations to be exposed, read/write(both?) access for clients, the language to implement the API in, any other features you want for API like rate limiting, preference for any auth scheme like oauth, ect. I can create a detailed spec. if you get back to me, thanks.