Reputation: 1128
AWS IAM: How to grant access for certain user to certain dynamoDB?
Situation: user_1 user_2 dynamodb_1 dynamodb_2
Problematic: I need my user_1 to only get access of the dynamodb_1 and the user_2 the dynamodb_2.
Possibilities: AmazonDynamoDBFullAccess AmazonDynamoDBReadOnlyAccess AWSLambdaDynamoDBExecutionRole AWSLambdaInvocation-DynamoDB
But if I give AmazonDynamoDBFullAccess to the users, they can access both... I'm afraid that someone use this access to steal or suppress everything (because he can now with the secured_key written on the code if he get the app files). A solution would be to put the secured_key into a lambda and wait for the user to send us a request but it may be longer and be more difficult.
Or is this the good way to do secured dynamoDB ? Passing in a lambda ?
Upvotes: 1
Views: 111
Answers (1)
Reputation: 1063
You can apply a policy that only enables actions on DynamoDB tables with the provided name. More details : Allows access to a specific table
Upvotes: 1
Related Questions
- Restrict access to DynamoDB from EC2 instance
- AWS DynamoDB user authorization
- Restrict AWS DynamoDB access from particular AWS VPC
- API Gateway IAM role to access DynamoDB
- AWS IAM Grant permission based on dynamodb attribute values
- How to give access to a DynamoDB table?
- How can I control user access to Amazon DynamoDB data via IAM?
- How to define IAM Policy for a user to have programmatic full or limited access only for specific dynamodb tables?
- Grant permissions "per user" in DynamoDB?
- How can I use IAM policies to gain fine-grained access control for DynamoDB?