
  • aws:UserAgent— To check the client application that made the request.
  • aws:userid— To check the user ID of the requester.
  • aws:username— To check the user name of the requester, if available.

Note: Key names are case sensitive.

For more information about AWS-wide policy keys, see Condition in IAM User Guide.

Example Policies for API Actions and Resource Access

Topics

  • Allow any DynamoDB actions on all tables
  • Allow read-only access on items in the AWS account's tables
  • Allow put, update, and delete operations on one table
  • Allow access to a specific table and all of its indexes
  • Prevent a partner from using API actions that change data
  • Separate test and production environments
  • Allow access to the DynamoDB console
  • Disallow purchasing of Reserved Capacity offerings

This section shows several policies for controlling user access to DynamoDB API actions, and resources such as tables and indexes. For additional policies that address web identity federation and fine-grained access control, see Example Policies for Fine-Grained Access Control.

Allow any DynamoDB actions on all tables

In this example, we create a policy that lets the recipient use any DynamoDB API action on any of the AWS account's tables.

API Version 2012-08-10 583 Amazon DynamoDB Developer Guide Example Policies for API Actions and Resource Access
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "*"
        }
    ]
}

Allow read-only access on items in the AWS account's tables

In this example, we create a policy that lets the recipient use only the GetItem and BatchGetItem actions with any of the AWS account's tables.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:BatchGetItem"
            ],
            "Resource": "*"
        }
    ]
}

Allow put, update, and delete operations on one table

In this example, we create a policy that lets the recipient use the PutItem, UpdateItem and DeleteItem actions with a table named "Books", which is owned by AWS account number 123456789012.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem"
            ],
            "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Books"
        }
    ]
}

Allow access to a specific table and all of its indexes

You may want to limit access of one of your users to a specific table and its indexes.
In this example, we create a policy that gives access to all actions on the table named "Books" and all of its indexes. To test this policy in your own environment, you will need to replace the example account ID "123456789012" with your AWS account ID.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:*"],
            "Resource": [
                "arn:aws:dynamodb:us-west-2:123456789012:table/Books",
                "arn:aws:dynamodb:us-west-2:123456789012:table/Books/index/*"
            ]
        }
    ]
}

Prevent a partner from using API actions that change data

IAM Roles provide a way to share a table with another AWS account. For details on creating a role and granting access to another AWS account, see Roles in the IAM documentation.
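
As an added example (not part of the Developer Guide), the following Python code models how the Action and Resource patterns in the "Books" policies above are matched, showing that the table-only ARN does not cover index ARNs, and flags statements that grant on "Resource": "*". It is a simplified model that ignores Deny, Condition and other policy types; the function names and the index name TitleIndex are assumptions made for illustration.

```python
import re

def _wild(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, flags | re.S) is not None

def _listify(v):
    return [v] if isinstance(v, (str, dict)) else list(v)

def allows(policy, action, resource):
    """Simplified model: True if an Allow statement matches action and ARN.
    Ignores Deny, Condition, NotAction/NotResource and other policy types."""
    for st in _listify(policy["Statement"]):
        if st.get("Effect") != "Allow":
            continue
        # Action names are matched case-insensitively, ARNs case-sensitively.
        act_ok = any(_wild(a, action, re.I) for a in _listify(st["Action"]))
        res_ok = any(_wild(r, resource) for r in _listify(st["Resource"]))
        if act_ok and res_ok:
            return True
    return False

def unscoped(policy):
    """Allow statements whose Resource is the bare wildcard '*'."""
    return [st for st in _listify(policy["Statement"])
            if st.get("Effect") == "Allow" and "*" in _listify(st["Resource"])]

ARN = "arn:aws:dynamodb:us-west-2:123456789012:table/Books"
# The three policies below are copied from the examples on this page.
ANY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]}
WRITE_BOOKS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
     "Resource": ARN}]}
BOOKS_AND_INDEXES = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:*"],
     "Resource": [ARN, ARN + "/index/*"]}]}
# Constructed index name (assumption), used only to build a sample index ARN.
INDEX_ARN = ARN + "/index/TitleIndex"

if __name__ == "__main__":
    print(allows(WRITE_BOOKS, "dynamodb:PutItem", ARN))
    print(allows(WRITE_BOOKS, "dynamodb:Query", INDEX_ARN))
    print(allows(BOOKS_AND_INDEXES, "dynamodb:Query", INDEX_ARN))
    print(len(unscoped(ANY)))
```
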