DynamoDB - Permissions API

The DynamoDB API offers a large set of actions that require permissions. When setting up permissions, you must specify the allowed actions, the allowed resources, and the conditions for each.
You can specify actions in the Action field of the policy and a resource value in the Resource field. Make sure you use the correct syntax, prefixing the API operation with dynamodb:.
For example: dynamodb:CreateTable
You can also use condition keys to filter permissions.
Permissions and API Actions
Take a close look at the API actions and associated permissions listed in the following table:
API operation | Required permission |
---|---|
BatchGetItem | dynamodb:BatchGetItem |
BatchWriteItem | dynamodb:BatchWriteItem |
CreateTable | dynamodb:CreateTable |
DeleteItem | dynamodb:DeleteItem |
DeleteTable | dynamodb:DeleteTable |
DescribeLimits | dynamodb:DescribeLimits |
DescribeReservedCapacity | dynamodb:DescribeReservedCapacity |
DescribeReservedCapacityOfferings | dynamodb:DescribeReservedCapacityOfferings |
DescribeStream | dynamodb:DescribeStream |
DescribeTable | dynamodb:DescribeTable |
GetItem | dynamodb:GetItem |
GetRecords | dynamodb:GetRecords |
GetShardIterator | dynamodb:GetShardIterator |
ListStreams | dynamodb:ListStreams |
ListTables | dynamodb:ListTables |
PurchaseReservedCapacityOfferings | dynamodb:PurchaseReservedCapacityOfferings |
PutItem | dynamodb:PutItem |
Query | dynamodb:Query |
Scan | dynamodb:Scan |
UpdateItem | dynamodb:UpdateItem |
UpdateTable | dynamodb:UpdateTable |
Resources
In the following table, you can view the resources associated with each allowed API action −
arn:aws:dynamodb:region:account-id:table/table-name
or
arn:aws:dynamodb:region:account-id:table/table-name/index/index-name
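As an added example (not code from the original page), the following Python check lints a policy document against the action names in the table above and the two ARN forms shown, flagging malformed action strings, wildcard actions and unscoped resources. The helper names lint_policy and as_list are hypothetical, and the sample policy with its account ID, table name and index name is constructed.

```python
import fnmatch
import re

# Action names from the page's table; lint_policy is a hypothetical helper.
KNOWN = {a.lower() for a in """BatchGetItem BatchWriteItem CreateTable DeleteItem
DeleteTable DescribeLimits DescribeReservedCapacity DescribeReservedCapacityOfferings
DescribeStream DescribeTable GetItem GetRecords GetShardIterator ListStreams ListTables
PurchaseReservedCapacityOfferings PutItem Query Scan UpdateItem UpdateTable""".split()}
# Only the two ARN forms shown on the page: a table, or an index on a table.
ARN_RE = re.compile(r"arn:aws:dynamodb:[a-z0-9-]+:\d{12}:table/[\w.-]+(/index/[\w.-]+)?")

SAMPLE_POLICY = {  # constructed sample: account ID, table and index names are made up
    "Statement": [
        {"Effect": "Allow",  # scoped: named actions, named table and index, a condition key
         "Action": ["dynamodb:GetItem", "dynamodb:Query"],
         "Resource": ["arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
                      "arn:aws:dynamodb:us-east-1:123456789012:table/Orders/index/ByDate"],
         "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": ["${aws:userid}"]}}},
        {"Effect": "Allow",  # over-broad: stray space in the action, wildcard, any resource
         "Action": ["dynamodb: CreateTable", "dynamodb:*"],
         "Resource": "*"},
    ]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (statement_index, message) findings for the Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            prefix, _, name = action.partition(":")
            name = name.lower()  # IAM matches action names case-insensitively
            if prefix.lower() != "dynamodb":
                findings.append((i, f"not a dynamodb action: {action!r}"))
            elif "*" in name or "?" in name:
                n = len(fnmatch.filter(KNOWN, name))
                findings.append((i, f"wildcard {action!r} grants {n} listed operations"))
            elif name not in KNOWN:
                findings.append((i, f"unknown or malformed action: {action!r}"))
        for res in as_list(stmt.get("Resource", [])):
            if not ARN_RE.fullmatch(res):
                findings.append((i, f"not a specific table or index ARN: {res!r}"))
    return findings

if __name__ == "__main__":
    print(*lint_policy(SAMPLE_POLICY), sep="\n")
```

The first statement passes cleanly; all three findings come from the second statement.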