Allow a DynamoDB User to modify a subset of documents


How can I create a policy in DynamoDB that allows the corresponding IAM users to modify a subset of documents in a table?

For example, let's say there is an attribute published, and I want an IAM user to perform PutItem and UpdateItem on documents that have published: false.

You can use DynamoDB fine-grained access control on the hash key value. Save the item with "draft" prepended to the hash-key value, and use the following policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:UpdateItem"
            ],
            "Resource": [
                "arn:aws:dynamodb:region:account_number:table/table_name"
            ],
            "Condition": {
                "ForAllValues:StringLike": {
                    "dynamodb:LeadingKeys": ["draft*"]
                }
            }
        }
    ]
}

Adapted from https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/fgac_ddb.html
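An added example, not part of the original answer: a simplified local model of how the ForAllValues:StringLike condition on dynamodb:LeadingKeys treats the partition key values of a request. The function names and sample key values are constructed for illustration, and this is not AWS's policy evaluator.

```python
import re

# Condition block from the policy above, as a Python dict.
CONDITION = {"ForAllValues:StringLike": {"dynamodb:LeadingKeys": ["draft*"]}}


def string_like(pattern: str, value: str) -> bool:
    """IAM StringLike: case-sensitive; '*' matches any run, '?' one character."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, value, flags=re.DOTALL) is not None


def for_all_values_string_like(patterns, request_values) -> bool:
    """True when every request value matches at least one pattern.

    An empty set of request values also yields True: ForAllValues is
    vacuously satisfied when the context key is absent from the request.
    """
    return all(
        any(string_like(p, v) for p in patterns) for v in request_values
    )


def leading_keys_allowed(partition_keys) -> bool:
    """Evaluate the policy's condition for the partition keys of one request."""
    patterns = CONDITION["ForAllValues:StringLike"]["dynamodb:LeadingKeys"]
    return for_all_values_string_like(patterns, partition_keys)


if __name__ == "__main__":
    # Constructed sample partition key values.
    samples = [
        ["draft#42"],             # draft item: condition met
        ["post#42"],              # published item: condition not met
        ["Draft#42"],             # wrong case: StringLike is case-sensitive
        ["draft#1", "post#2"],    # one non-draft key fails the whole set
        [],                       # no leading key in request: vacuously met
    ]
    for keys in samples:
        print(keys, "->", leading_keys_allowed(keys))
```

The empty-set case is why a ForAllValues condition in an Allow statement should only cover actions that always carry the key, as the single item-level action in the policy above does; AWS documents adding a Null condition check when the key may be absent.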

