Using IAM to provide access control to DynamoDB
Access control on resources is a familiar concept from relational databases, where multiple users can access the same database but with different roles. It is crucial from the application's security point of view: a user should have privileges and access to only the resources they actually need, so that a misused or compromised credential can do only limited damage. To implement the same concept in the cloud, AWS provides Identity and Access Management (IAM) as a service. This service allows us to perform the following:
• Create multiple IAM users within a single AWS account that access the same resources with different privileges
• Create groups of users with similar privileges for the same level of access
• Create separate credentials for each user, so that no credential has to be shared between people
• Provide fine-grained control on shared resources
• Get a collective bill for all the users under one account
We can use IAM to control which DynamoDB resources and API actions each user may use. To do so, you create an IAM policy: a JSON document that lists the permissions a user has on a certain table, whether a particular group can edit or delete items in a table, and so on. For example, you can create a table, say Author, in your account and then write a policy document describing who may do what with it. Once done, you can attach that policy to certain IAM users (or to a group or role) so that they are restricted to their defined roles. Suppose you have given the user Jack read-only access: he would then be able to read the Author table but not edit or delete anything in it. Note that IAM denies any action a policy does not explicitly allow, and an explicit deny always overrides an allow, so it is safest to grant only the specific actions a role needs (for read-only, the get, batch-get, query and scan actions) rather than a wildcard over the whole service.
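The policy documents described above, as an added example that is not from the book or from AWS's own code: a read-only policy for Jack on the Author table and an editors policy that uses an explicit deny to block deletions, together with a small simulator of IAM's evaluation order (explicit deny over allow over implicit deny) so the effect of each document can be checked offline. The region, account ID and the `is_allowed` evaluator are assumptions for illustration; the real service also considers conditions, resource-based policies, permission boundaries and organisation SCPs, which this simplified evaluator ignores.

```python
import fnmatch
import json

# Placeholder identifiers (constructed for this example, not from the book);
# only the Author table name comes from the text.
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
AUTHOR_TABLE_ARN = f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/Author"

# Policy for the read-only user Jack: only read actions on the Author table.
# Anything not listed (PutItem, DeleteItem, other tables) is implicitly denied.
READ_ONLY_AUTHOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadAuthorTable",
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem",
                   "dynamodb:Query", "dynamodb:Scan", "dynamodb:DescribeTable"],
        "Resource": AUTHOR_TABLE_ARN,
    }],
}

# Policy for an editors group: wildcard access to the Author table, except that
# an explicit Deny keeps them from deleting items or dropping the table. In IAM
# the Deny wins even though the first statement's wildcard would allow it.
EDITOR_AUTHOR_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EditAuthorTable", "Effect": "Allow",
         "Action": "dynamodb:*", "Resource": AUTHOR_TABLE_ARN},
        {"Sid": "NoDeletes", "Effect": "Deny",
         "Action": ["dynamodb:DeleteItem", "dynamodb:DeleteTable"],
         "Resource": AUTHOR_TABLE_ARN},
    ],
}


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _matches(value, patterns, case_insensitive):
    # IAM patterns use '*' (any run) and '?' (one character), which fnmatch
    # implements. Action names are case-insensitive; ARNs are case-sensitive.
    if case_insensitive:
        return any(fnmatch.fnmatchcase(value.lower(), p.lower()) for p in _as_list(patterns))
    return any(fnmatch.fnmatchcase(value, p) for p in _as_list(patterns))


def is_allowed(policy, action, resource):
    """Simplified (assumed) IAM evaluation for one identity-based policy:
    explicit Deny > explicit Allow > implicit deny. Condition blocks,
    resource policies, permission boundaries and SCPs are not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        if (_matches(action, stmt["Action"], case_insensitive=True)
                and _matches(resource, stmt["Resource"], case_insensitive=False)):
            if stmt["Effect"] == "Deny":
                return False          # an explicit Deny ends evaluation
            allowed = True            # keep looking in case a Deny follows
    return allowed


def policy_document(policy):
    """The JSON text you would attach to an IAM user, group or role."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    print(policy_document(READ_ONLY_AUTHOR_POLICY))
    for who, pol in (("Jack (read-only)", READ_ONLY_AUTHOR_POLICY),
                     ("editors group", EDITOR_AUTHOR_POLICY)):
        for act in ("dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:DeleteItem"):
            verdict = "allow" if is_allowed(pol, act, AUTHOR_TABLE_ARN) else "deny"
            print(f"{who:18} {act:20} -> {verdict}")
```

The output of `policy_document(READ_ONLY_AUTHOR_POLICY)` is the document you would attach to Jack in the IAM console or with the `aws iam put-user-policy` command; the simulator is only there to show why a read-only user cannot delete, and why the editors' deny statement wins over their own wildcard allow.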