Posted On: Mar 20, 2024

Amazon DynamoDB now supports resource-based policies to help you simplify access control for your DynamoDB resources. With resource-based policies, you can specify the Identity and Access Management (IAM) principals that have access to a resource and what actions they can perform on it. You can attach a resource-based policy to a DynamoDB table or a stream. The resource-based policy that you attach to a table can include access permissions to its indexes. The resource-based policy that you attach to a stream can include access permissions to the stream. With resource-based policies, you can also simplify cross-account access control for sharing resources with IAM principals of different AWS accounts.

Resource-based policies support integrations with IAM Access Analyzer and Block Public Access (BPA) capabilities. IAM Access Analyzer reports cross-account access to external entities specified in resource-based policies, and the findings provide visibility to help you refine permissions and conform to least privilege. BPA helps you prevent public access to your DynamoDB tables, indexes, and streams, and is automatically enabled in the resource-based policy creation and modification workflows.
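The following is an added example, not AWS code: a local pre-deployment review of a DynamoDB table policy that lists Allow grants to a wildcard principal or to principals in another account. It is a simplified check and does not reproduce the logic of IAM Access Analyzer or BPA; the account IDs, table name, role name and function names are placeholders chosen for illustration.

```python
# Constructed sample policy; account IDs, table name and role are placeholders.
OWNER = "111122223333"
TABLE = f"arn:aws:dynamodb:us-east-1:{OWNER}:table/Orders"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "CrossAccountRead", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:role/ReportingRole"},
         "Action": ["dynamodb:GetItem", "dynamodb:Query"],
         # A table policy can also cover the table's indexes.
         "Resource": [TABLE, TABLE + "/index/*"]},
        {"Sid": "TooBroad", "Effect": "Allow", "Principal": "*",
         "Action": "dynamodb:Scan", "Resource": TABLE},
    ],
}


def principals(stmt):
    """Return the AWS principals of a statement as a list of strings."""
    p = stmt.get("Principal", {})
    if p == "*":
        return ["*"]
    aws = p.get("AWS", [])  # Service/Federated principals are out of scope here
    return [aws] if isinstance(aws, str) else list(aws)


def account_of(principal):
    """Account ID from an IAM ARN, or the value itself for a bare account ID."""
    return principal.split(":")[4] if principal.startswith("arn:") else principal


def review_policy(policy, owner_account):
    """List (Sid, kind, principal) for Allow grants reaching outside the owner."""
    stmts = policy["Statement"]
    findings = []
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        for pr in principals(stmt):
            if pr == "*":
                kind = "public"
            elif account_of(pr) != owner_account:
                kind = "cross-account"
            else:
                continue
            findings.append((stmt.get("Sid", "?"), kind, pr))
    return findings


if __name__ == "__main__":
    for finding in review_policy(SAMPLE_POLICY, OWNER):
        print(finding)
```

Statements flagged "cross-account" are the grants to confirm as intended sharing; a "public" finding is the kind of statement to remove or narrow before attaching the policy.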

Resource-based policies for DynamoDB are available in all AWS Commercial Regions. There is no additional cost to use the feature. You can get started with resource-based policies by using the AWS Management Console, AWS API, AWS CLI, AWS SDK, or AWS CloudFormation. Learn more at "Using resource-based policies with DynamoDB".