AWS amazondynamodb medium security documentation change
Summary
Added documentation for new AmazonDynamoDBFullAccess_v2 policy and deprecated old policy
Security assessment
Directly addresses security by introducing a more restrictive IAM policy to reduce over-privileged access. Explicitly states deprecation of a less secure policy.
Diff
diff --git a/amazondynamodb/latest/developerguide/ddb-security-iam.awsmanpol.md b/amazondynamodb/latest/developerguide/ddb-security-iam.awsmanpol.md index f3aba3f53..056720c3b 100644 --- a//amazondynamodb/latest/developerguide/ddb-security-iam.awsmanpol.md +++ b//amazondynamodb/latest/developerguide/ddb-security-iam.awsmanpol.md @@ -5 +5 @@ -AWS managed policiesAmazonDynamoDBReadOnlyAccessDynamoDB updates to AWS managed policies +AWS managed policiesAWS managed policy: AmazonDynamoDBFullAccess_v2AmazonDynamoDBReadOnlyAccessDynamoDB updates to AWS managed policies @@ -35,0 +36,33 @@ The definition of this managed policy can be found [here](https://docs.aws.amazo +## AWS managed policy: AmazonDynamoDBFullAccess_v2 + +The scoped-down `AmazonDynamoDBFullAccess_v2` policy grants specific access privileges to users. You can attach the `AmazonDynamoDBFullAccess_v2` policy to your IAM identities. This policy grants administrative access to Amazon DynamoDB resources and grants an IAM identity (such as a user, group, or role) access to the AWS services that DynamoDB is integrated with to use all of DynamoDB features. Using this policy allows access to all of DynamoDB features that are available in the AWS Management Console. + +**Permissions details** + +This policy includes the following permissions: + + * `Amazon DynamoDB` + + * `DynamoDB Accelerator` + + * `AWS KMS` + + * `AWS Resource Groups Tagging` + + * `Lambda` + + * `Application Auto Scaling` + + * `CloudWatch` + + * `Amazon Kinesis` + + * `Amazon EC2` + + * `IAM` + + + + +To review the policy in `JSON` format, see [AmazonDynamoDBFullAccess_v2](https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonDynamoDBFullAccess_v2.html). + @@ -82,0 +116 @@ Change | Description | Date Changed +`AmazonDynamoDBFullAccess` – Deprecated | This policy has been replaced by a scoped-down policy named `AmazonDynamoDBFullAccess_v2`. After **April, 2025** , you can't attach the `AmazonDynamoDBFullAccess` policy to any new users, groups, or roles. For more information, see AWS managed policy: AmazonDynamoDBFullAccess_v2. | April 28, 2025