AWS amazondynamodb high security documentation change
Summary
Added note about DAX compatibility with IPv6-only environments and IP-based resource policies
Security assessment
The update highlights a critical security configuration requirement to avoid blocking DAX access in IPv6 environments. Failure to implement the IAM policy exception could lead to service disruptions, making this a security-relevant documentation improvement.
Diff
diff --git a/amazondynamodb/latest/developerguide/rbac-examples.md b/amazondynamodb/latest/developerguide/rbac-examples.md index 183c04090..5a1ab0954 100644 --- a//amazondynamodb/latest/developerguide/rbac-examples.md +++ b//amazondynamodb/latest/developerguide/rbac-examples.md @@ -250,0 +251,4 @@ You can also deny all access to DynamoDB resources except when the source is a s +###### Important + +When you use DAX with DynamoDB tables that have IP-based resource policies in IPv6-only environments, you must configure additional access rules. If your resource policy restricts access to the IPv4 address space `0.0.0.0/0` on tables, you must allow access for the IAM role associated with your DAX cluster. Add an `ArnNotEquals` condition to your policy to ensure DAX maintains access to your DynamoDB tables. For more information see, [DAX and IPv6](https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.create-cluster.DAX_and_IPV6.html). +