AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2025-07-25 · Documentation medium

File: prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md

Summary

Added detailed IAM policy example for DynamoDB attribute-based access control

Security assessment

Added example policy demonstrates security best practice for least-privilege access to specific DynamoDB attributes

Diff

diff --git a/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md b/prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md
index f9ffee7a8..6ae5ae67c 100644
--- a//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md
+++ b//prescriptive-guidance/latest/privacy-reference-architecture/grant-access-dynamodb-attributes.md
@@ -12,0 +13,33 @@ As your organization discusses strategies to physically and logically separate p
+    {
+       "Version":"2012-10-17",
+       "Statement":[
+          {
+             "Effect":"Allow",
+             "Action":[
+                "dynamodb:GetItem",
+                "dynamodb:BatchGetItem",
+                "dynamodb:Query",
+                "dynamodb:Scan",
+                "dynamodb:TransactGetItems"
+             ],
+             "Resource":[
+                "arn:aws:dynamodb:us-west-2:123456789012:dynamodb:table/Users"
+             ],
+             "Condition":{
+                "ForAllValues:StringEquals":{
+                   "dynamodb:Attributes":[
+                      "UserID",
+                      "SignUpTime",
+                      "LastLoggedIn"
+                   ]
+                },
+                "StringEquals":{
+                   "dynanamodb:Select":[
+                      "SPECIFIC_ATTRIBUTES"
+                   ]
+                }  
+             }
+          }
+       ]
+    }
+