AWS Security ChangesHomeSearch

AWS amazondynamodb medium security documentation change

Service: amazondynamodb · 2025-05-25 · Security-related medium

File: amazondynamodb/latest/developerguide/V2gt_IAM.md

Summary

Added warning about unsupported IAM policy conditions for global tables replication

Security assessment

The change explicitly warns that applying fine-grained IAM policy conditions to global tables replication components may cause service disruption. This addresses a potential misconfiguration risk that could impact system availability.

Diff

diff --git a/amazondynamodb/latest/developerguide/V2gt_IAM.md b/amazondynamodb/latest/developerguide/V2gt_IAM.md
index abf5ab122..718c24133 100644
--- a//amazondynamodb/latest/developerguide/V2gt_IAM.md
+++ b//amazondynamodb/latest/developerguide/V2gt_IAM.md
@@ -78,0 +79,4 @@ To use `UpdateTimeToLive` you must have permission for `dynamodb:UpdateTimeToLiv
+###### Important
+
+[Using IAM policy conditions for fine-grained access control](./specifying-conditions.html) isn't supported for restricting global tables replication. Applying policy conditions for fine-grained access control to DynamoDB service principals or service-linked roles used for global tables replication may interrupt replication within a global table.
+