Skip to content

Instantly share code, notes, and snippets.

@shar1z

shar1z/policy.py

Created August 1, 2022 09:53
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shar1z/c59d1ddb0e4e12eb8887114d730009ac to your computer and use it in GitHub Desktop.
Save shar1z/c59d1ddb0e4e12eb8887114d730009ac to your computer and use it in GitHub Desktop.
Download ZIP
Raw
policy.py
def generate_dynamodb_policy(tenant_id):
return {
"Version": "2012-10-17",
"Statement": [{
"Effect": "Allow",
"Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
"Resource": [
f"arn:aws:dynamodb:<region>:<account-id>:table/TableName",
f"arn:aws:dynamodb:<region>:<account-id>:table/TableName/index/*",
],
"Condition": {
"ForAllValues:StringLike": {
"dynamodb:LeadingKeys": [f"TENANT#{tenant_id}", f"TENANT#{tenant_id}#*"]
}
}
}]
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment