AWS Security ChangesHomeSearch

AWS amazondynamodb documentation change

Service: amazondynamodb · 2026-01-16 · Documentation medium

File: amazondynamodb/latest/developerguide/Streams.Lambda.md

Summary

Added cross-account Lambda trigger support documentation with resource-based policy guidance.

Security assessment

Documents secure cross-account access configuration using resource-based policies. While not fixing a vulnerability, it adds security-relevant documentation for access control.

Diff

diff --git a/amazondynamodb/latest/developerguide/Streams.Lambda.md b/amazondynamodb/latest/developerguide/Streams.Lambda.md
index 41cf8a553..2411d0f85 100644
--- a//amazondynamodb/latest/developerguide/Streams.Lambda.md
+++ b//amazondynamodb/latest/developerguide/Streams.Lambda.md
@@ -34 +34 @@ As performance best practices, the Lambda function needs to be short lived. To a
-You cannot use the same Lambda trigger across different AWS accounts. Both the DynamoDB table and the Lambda functions must belong to the same AWS account. 
+You can use Lambda triggers across different AWS accounts by configuring a resource-based policy on the DynamoDB stream to grant the cross-account read access to Lambda function. To learn more about how to configure your stream to allow cross-account access, see [Share access with cross-account AWS Lambda functions](./rbac-cross-account-access.html#shared-access-cross-acount-lambda) in the DynamoDB Developer Guide.