AWS amazondynamodb medium security documentation change
Summary
Added warning about unsupported IAM policy conditions for global tables replication
Security assessment
The change explicitly warns that applying fine-grained IAM policy conditions to global tables replication components may cause service disruption. This addresses a potential misconfiguration risk that could impact system availability.
Diff
diff --git a/amazondynamodb/latest/developerguide/V2gt_IAM.md b/amazondynamodb/latest/developerguide/V2gt_IAM.md index abf5ab122..718c24133 100644 --- a//amazondynamodb/latest/developerguide/V2gt_IAM.md +++ b//amazondynamodb/latest/developerguide/V2gt_IAM.md @@ -78,0 +79,4 @@ To use `UpdateTimeToLive` you must have permission for `dynamodb:UpdateTimeToLiv +###### Important + +[Using IAM policy conditions for fine-grained access control](./specifying-conditions.html) isn't supported for restricting global tables replication. Applying policy conditions for fine-grained access control to DynamoDB service principals or service-linked roles used for global tables replication may interrupt replication within a global table. +