
DDB Policies

DDB Policies

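  • DDB Full Access Limited Tables Policy:
    Grants the full set of DynamoDB table, item, backup, import/export and stream actions, scoped to the LITE_ProductTable table and its sub-resources. The first statement uses "Resource": "*", so it applies account-wide; it includes dynamodb:PurchaseReservedCapacityOfferings, which can incur cost and should be removed unless the principal is meant to buy reserved capacity. The table ARN is pinned to us-east-1 while the backup, import, index, export and stream ARNs use a wildcard region. Replace the 12-digit account ID in the ARNs with your own.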
    
    {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": [
                  "dynamodb:ListContributorInsights",
                  "dynamodb:DescribeReservedCapacityOfferings",
                  "dynamodb:ListGlobalTables",
                  "dynamodb:ListTables",
                  "dynamodb:DescribeReservedCapacity",
                  "dynamodb:ListBackups",
                  "dynamodb:PurchaseReservedCapacityOfferings",
                  "dynamodb:ListImports",
                  "dynamodb:DescribeEndpoints",
                  "dynamodb:DescribeLimits",
                  "dynamodb:ListExports",
                  "dynamodb:ListStreams"
              ],
              "Resource": "*"
          },
          {
              "Sid": "VisualEditor1",
              "Effect": "Allow",
              "Action": [
                  "dynamodb:DescribeContributorInsights",
                  "dynamodb:RestoreTableToPointInTime",
                  "dynamodb:UpdateGlobalTable",
                  "dynamodb:DeleteTable",
                  "dynamodb:UpdateTableReplicaAutoScaling",
                  "dynamodb:DescribeTable",
                  "dynamodb:PartiQLInsert",
                  "dynamodb:GetItem",
                  "dynamodb:DescribeContinuousBackups",
                  "dynamodb:DescribeExport",
                  "dynamodb:EnableKinesisStreamingDestination",
                  "dynamodb:BatchGetItem",
                  "dynamodb:DisableKinesisStreamingDestination",
                  "dynamodb:UpdateTimeToLive",
                  "dynamodb:BatchWriteItem",
                  "dynamodb:PutItem",
                  "dynamodb:PartiQLUpdate",
                  "dynamodb:Scan",
                  "dynamodb:StartAwsBackupJob",
                  "dynamodb:UpdateItem",
                  "dynamodb:UpdateGlobalTableSettings",
                  "dynamodb:CreateTable",
                  "dynamodb:RestoreTableFromAwsBackup",
                  "dynamodb:GetShardIterator",
                  "dynamodb:ExportTableToPointInTime",
                  "dynamodb:DescribeBackup",
                  "dynamodb:UpdateTable",
                  "dynamodb:GetRecords",
                  "dynamodb:DescribeTableReplicaAutoScaling",
                  "dynamodb:DescribeImport",
                  "dynamodb:DeleteItem",
                  "dynamodb:CreateTableReplica",
                  "dynamodb:ListTagsOfResource",
                  "dynamodb:UpdateContributorInsights",
                  "dynamodb:CreateBackup",
                  "dynamodb:UpdateContinuousBackups",
                  "dynamodb:TagResource",
                  "dynamodb:PartiQLSelect",
                  "dynamodb:UpdateGlobalTableVersion",
                  "dynamodb:CreateGlobalTable",
                  "dynamodb:DescribeKinesisStreamingDestination",
                  "dynamodb:ImportTable",
                  "dynamodb:UntagResource",
                  "dynamodb:ConditionCheckItem",
                  "dynamodb:Query",
                  "dynamodb:DescribeStream",
                  "dynamodb:DeleteTableReplica",
                  "dynamodb:DescribeTimeToLive",
                  "dynamodb:DescribeGlobalTableSettings",
                  "dynamodb:DescribeGlobalTable",
                  "dynamodb:RestoreTableFromBackup",
                  "dynamodb:DeleteBackup",
                  "dynamodb:PartiQLDelete"
              ],
              "Resource": [
                  "arn:aws:dynamodb:*:116583825520:table/LITE_ProductTable/backup/*",
                  "arn:aws:dynamodb:us-east-1:116583825520:table/LITE_ProductTable",
                  "arn:aws:dynamodb:*:116583825520:table/LITE_ProductTable/import/*",
                  "arn:aws:dynamodb:*:116583825520:table/LITE_ProductTable/index/*",
                  "arn:aws:dynamodb:*:116583825520:table/LITE_ProductTable/export/*",
                  "arn:aws:dynamodb:*:116583825520:table/LITE_ProductTable/stream/*",
                  "arn:aws:dynamodb::116583825520:global-table/LITE_ProductTable"
              ]
          }
      ]
    }
    
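  • DDB Read Write Policy:
    Grants item-level read and write on the Users table in us-east-1, query/scan on its indexes and read access to its streams; it contains no table-management actions such as CreateTable, UpdateTable or DeleteTable. Replace XXXXXXXXXXXX with your 12-digit account ID. DescribeLimits takes no table argument, so confirm (for example with the IAM policy simulator) that the table-scoped Resource in the third statement actually grants it.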
    
    {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "DynamoDBIndexAndStreamAccess",
              "Effect": "Allow",
              "Action": [
                  "dynamodb:GetShardIterator",
                  "dynamodb:Scan",
                  "dynamodb:Query",
                  "dynamodb:DescribeStream",
                  "dynamodb:GetRecords",
                  "dynamodb:ListStreams"
              ],
              "Resource": [
                  "arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/Users/index/*",
                  "arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/Users/stream/*"
              ]
          },
          {
              "Sid": "DynamoDBTableAccess",
              "Effect": "Allow",
              "Action": [
                  "dynamodb:BatchGetItem",
                  "dynamodb:BatchWriteItem",
                  "dynamodb:ConditionCheckItem",
                  "dynamodb:PutItem",
                  "dynamodb:DescribeTable",
                  "dynamodb:DeleteItem",
                  "dynamodb:GetItem",
                  "dynamodb:Scan",
                  "dynamodb:Query",
                  "dynamodb:UpdateItem"
              ],
              "Resource": "arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/Users"
          },
          {
              "Sid": "DynamoDBDescribeLimitsAccess",
              "Effect": "Allow",
              "Action": "dynamodb:DescribeLimits",
              "Resource": [
                  "arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/Users",
                  "arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/Users/index/*"
              ]
          }
      ]
    }
    
This post is licensed under CC BY 4.0 by the author.