Sample IAM policies
In this section, we list some sample IAM policies that you may find helpful.
We have already seen one example policy document, which enables users to view the AWS
DynamoDB console. Now let's explore more of these policy documents.
Providing read-only access to items from all DynamoDB tables
To read items, there are only two APIs: GetItem and BatchGetItem. So in this
document, we allow only those actions on all the tables, as shown in the following
code:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem"
      ],
      "Resource": "*"
    }
  ]
}
Here, Version is the version of the policy language. An Effect of Allow enables the
operations listed under Action, which names the DynamoDB operations to be considered.
A Resource of * means any AWS resource; here it means all DynamoDB tables.
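The following is an added example, not code from the original text. It runs the read-only policy above through a simplified evaluator (default deny, explicit Deny wins, otherwise Allow) and compares it with a variant scoped to a single table. The evaluator ignores Condition, NotAction, NotResource and all non-identity policy types; the function names, account ID, region and table names are constructed placeholders.

```python
import json
from fnmatch import fnmatchcase

# The read-only policy from this section, as valid JSON.
READ_ONLY_ALL_TABLES = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow",
     "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem"],
     "Resource": "*"}
  ]
}
""")

# Constructed variant: same actions, one table (placeholder account and names).
ORDERS_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"
USERS_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Users"
READ_ONLY_ONE_TABLE = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem"],
                   "Resource": ORDERS_ARN}],
}

def _as_list(value):
    # Action, Resource and Statement may each be a single value or a list.
    return value if isinstance(value, list) else [value]

def _matches(stmt, action, resource):
    # Action names match case-insensitively, ARNs case-sensitively; * and ? are wildcards.
    action_ok = any(fnmatchcase(action.lower(), a.lower())
                    for a in _as_list(stmt["Action"]))
    resource_ok = any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"]))
    return action_ok and resource_ok

def evaluate(policy, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for one request."""
    hits = [s["Effect"] for s in _as_list(policy["Statement"])
            if _matches(s, action, resource)]
    if "Deny" in hits:  # an explicit Deny overrides any matching Allow
        return "Deny"
    return "Allow" if "Allow" in hits else "ImplicitDeny"

if __name__ == "__main__":
    for name, policy in [("all tables", READ_ONLY_ALL_TABLES),
                         ("one table", READ_ONLY_ONE_TABLE)]:
        for act in ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:DeleteItem"]:
            for arn in (ORDERS_ARN, USERS_ARN):
                print(name, act, arn.rsplit("/", 1)[1], evaluate(policy, act, arn))
```

With Resource set to *, GetItem is allowed on every table in the account, while the scoped variant leaves the Users table at the implicit deny.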
Restrict users from deleting all the tables and items from a table
In this policy, we deny any delete action sent to DynamoDB by any user.
The statement for this looks like the following code:
{
"Version": "2012-10-17",
"Statement": [{
"Effect": "Deny",
"Action": ["dynamodb:DeleteItem",