Do you know you can allow the user or group of IAM users to access AWS DynamoDB table with a single policy.
In this quick tutorial you will learn How to create IAM policy to access AWS DynamoDB table.
Lets get started.
Prerequisites
- AWS account
- You should have writes to create the IAM policy.
Creating IAM Policy to Access DynamoDB table
This section will show you the IAM policy which allows users or a group to access the DynamoDB table. Lets go through the code.
- Version is the policy version which is fixed.
- Effect is Allow in each statement as we want to Allow users or group be able to list all the DynamoDB table.
- There are two statements in the IAM policy where
- First statement allows to list and describe all the dynamoDB tables.
- Where as Second statement allows specific table to be accessed by any user or role that is Mytable.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "ListandDescribe",
"Effect": "Allow",
"Action": [
"dynamodb:List*",
"dynamodb:DescribeReservedCapacity*",
"dynamodb:DescribeLimits",
"dynamodb:DescribeTimeToLive"
],
"Resource": "*",
},
{
"Sid": "SpecificTable",
"Effect": "Allow",
"Action": [
"dynamodb:BatchGet*",
"dynamodb:DescribeStream",
"dynamodb:DescribeTable",
"dynamodb:Get*",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:BatchWrite*",
"dynamodb:CreateTable",
"dynamodb:Delete*",
"dynamodb:Update*",
"dynamodb:PutItem"
],
"Resource": "arn:aws:dynamodb:*:*:table/MyTable"
}
]
}
Conclusion
This tutorial demonstrated that how to create IAM policy to access AWS DynamoDB table.