AWS prescriptive-guidance documentation change
Summary
Added detailed IAM policy example for DynamoDB attribute-based access control
Security assessment
Added example policy demonstrates security best practice for least-privilege access to specific DynamoDB attributes
Diff
diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md b/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md index f9ffee7a8..6ae5ae67c 100644 --- a//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md +++ b//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md @@ -12,0 +13,33 @@ As your organization discusses strategies to physically and logically separate p + { + "Version":"2012-10-17", + "Statement":[ + { + "Effect":"Allow", + "Action":[ + "dynamodb:GetItem", + "dynamodb:BatchGetItem", + "dynamodb:Query", + "dynamodb:Scan", + "dynamodb:TransactGetItems" + ], + "Resource":[ + "arn:aws:dynamodb:us-west-2:123456789012:dynamodb:table/Users" + ], + "Condition":{ + "ForAllValues:StringEquals":{ + "dynamodb:Attributes":[ + "UserID", + "SignUpTime", + "LastLoggedIn" + ] + }, + "StringEquals":{ + "dynanamodb:Select":[ + "SPECIFIC_ATTRIBUTES" + ] + } + } + } + ] + } +