Amazon DynamoDB announces support for Attribute-Based Access Control
Amazon DynamoDB now supports Attribute-Based Access Control (ABAC) for tables and indexes. ABAC is an authorization strategy that defines access permissions based on tags attached to users, roles, and AWS resources.
With ABAC, you can now use your tags to configure access permissions and policies. Tag-based access conditions can be used to allow or deny specific actions, when AWS Identity and Access Management (IAM) principals’ tags match the tags on an Amazon DynamoDB table. With the flexibility of using tag-based conditions, you can now set more granular access permissions based on your organizational structures. ABAC allows you to scale your tag-based permissions to new employees and changing resource structures, without rewriting policies as organizations grow. ABAC is supported through the AWS Management Console, AWS API, AWS CLI, AWS SDK, and AWS CloudFormation.
Attribute-Based Access Control for Amazon DynamoDB is now available in limited preview in the US East (Ohio), US East (Virginia), and US West (N. California) Regions. To request access to the limited preview, visit the preview page.