Jan 19, 2022
Allow Access to Specific Attributes in a DynamoDB Table
Policy Code
Referenced from: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_dynamodb_attributes.html
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:BatchGetItem",
                "dynamodb:Query",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:BatchWriteItem"
            ],
            "Resource": ["arn:aws:dynamodb:*:*:table/{{tableName}}"],
            "Condition": {
                "ForAllValues:StringEquals": {
                    "dynamodb:Attributes": [
                        "{{columnName1}}",
                        "{{columnName2}}",
                        "{{columnName3}}"
                    ]
                },
                "StringEqualsIfExists": {"dynamodb:Select": "SPECIFIC_ATTRIBUTES"}
            }
        }
    ]
}
Replace {{tableName}} with the name of your DynamoDB table. Then for every attribute you wish to allow permissions for, specify the column name in the dynamodb:Attributes list.
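The two condition operators in the policy above can be modeled in a few lines to see which requests they let through. This is an added example, not part of the referenced AWS policy; the attribute names and request contexts are constructed, and which context keys DynamoDB supplies for a given API call is not modeled.

```python
# Added example: models the two condition operators in the policy above.
ALLOWED = ["UserId", "TopScore", "Wins"]  # hypothetical {{columnName1..3}}
CONDITION = {
    "ForAllValues:StringEquals": {"dynamodb:Attributes": ALLOWED},
    "StringEqualsIfExists": {"dynamodb:Select": "SPECIFIC_ATTRIBUTES"},
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def for_all_values_string_equals(context, key, allowed):
    # Every requested value must appear in the policy list (case-sensitive).
    # An absent or empty key also evaluates to true.
    return all(v in allowed for v in _as_list(context.get(key, [])))

def string_equals_if_exists(context, key, allowed):
    # An absent key passes; a present key must equal a policy value exactly.
    return key not in context or context[key] in allowed

OPERATORS = {
    "ForAllValues:StringEquals": for_all_values_string_equals,
    "StringEqualsIfExists": string_equals_if_exists,
}

def condition_matches(context, condition=CONDITION):
    # Operators and keys inside one Condition block are ANDed together.
    return all(
        OPERATORS[op](context, key, _as_list(allowed))
        for op, keys in condition.items()
        for key, allowed in keys.items()
    )

SAMPLE_CONTEXTS = {  # constructed request contexts, not captured traffic
    "allowed_projection": {"dynamodb:Attributes": ["UserId", "TopScore"],
                           "dynamodb:Select": "SPECIFIC_ATTRIBUTES"},
    "extra_attribute": {"dynamodb:Attributes": ["UserId", "Email"],
                        "dynamodb:Select": "SPECIFIC_ATTRIBUTES"},
    "select_all": {"dynamodb:Attributes": ["UserId"],
                   "dynamodb:Select": "ALL_ATTRIBUTES"},
    "write_without_select": {"dynamodb:Attributes": ["UserId", "Wins"]},
    "wrong_case": {"dynamodb:Attributes": ["userid"]},
    "no_attributes_key": {},
}

def evaluate_samples():
    return {name: condition_matches(ctx) for name, ctx in SAMPLE_CONTEXTS.items()}

if __name__ == "__main__":
    for name, matched in evaluate_samples().items():
        print(f"{name}: {'matches' if matched else 'no match, implicit deny'}")
```

A statement whose condition does not match grants nothing, so with no other Allow the request is implicitly denied. The last sample matches because ForAllValues evaluates to true when the key is absent from the request context.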