IAM Roles DynamoDB
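You can attach this policy to an IAM user to give it full access to a table named 'TABLE_NAME' and its indices, while denying table-level changes: creating, deleting or updating tables, and purchasing reserved capacity. Item-level operations such as dynamodb:DeleteItem are still allowed by the dynamodb:* grant.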
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowWorkWithData",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:*"
                ],
                "Resource": [
                    "arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME",
                    "arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME/index/*"
                ]
            },
            {
                "Sid": "DenyTableModification",
                "Effect": "Deny",
                "Action": [
                    "dynamodb:CreateTable",
                    "dynamodb:DeleteTable",
                    "dynamodb:UpdateTable",
                    "dynamodb:PurchaseReservedCapacityOfferings"
                ],
                "Resource": "arn:aws:dynamodb:us-east-1:1234567890:*"
            }
        ]
    }
You can replace the table name with '*' (without quotes) to cover any table, and the region with '*' as well to apply the policy to all regions.
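To check what the policy above actually permits before attaching it, the following added example (not part of the original gist) evaluates requests against it with a simplified model of IAM's logic: explicit Deny wins, then Allow, otherwise implicit deny. It assumes a single identity policy with no Condition keys, SCPs or permission boundaries; the Sids are omitted and the index name `by-date` and table `OTHER` are made up for the sample requests.

```python
import re

# The policy from this page (Sids omitted; placeholder account ID kept as-is).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["dynamodb:*"],
     "Resource": ["arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME",
                  "arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME/index/*"]},
    {"Effect": "Deny",
     "Action": ["dynamodb:CreateTable", "dynamodb:DeleteTable",
                "dynamodb:UpdateTable", "dynamodb:PurchaseReservedCapacityOfferings"],
     "Resource": "arn:aws:dynamodb:us-east-1:1234567890:*"}]}

TABLE = "arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME"


def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one character.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None


def _as_list(x):
    # "Action" and "Resource" may be a single string or a list of strings.
    return [x] if isinstance(x, str) else list(x)


def evaluate(policy, action, resource):
    """Return 'explicit-deny', 'allow' or 'implicit-deny' for one request."""
    allowed = False
    for st in policy["Statement"]:
        # Action names are case-insensitive; resource ARNs are compared as-is.
        hit = (any(_match(a, action, True) for a in _as_list(st["Action"])) and
               any(_match(r, resource) for r in _as_list(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return "explicit-deny"  # an explicit Deny overrides any Allow
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return "allow" if allowed else "implicit-deny"


if __name__ == "__main__":
    requests = [  # constructed sample requests
        ("dynamodb:DeleteItem", TABLE),
        ("dynamodb:Query", TABLE + "/index/by-date"),
        ("dynamodb:UpdateTimeToLive", TABLE),
        ("dynamodb:DeleteTable", TABLE),
        ("dynamodb:GetItem", TABLE.replace("TABLE_NAME", "OTHER")),
    ]
    for action, resource in requests:
        print(f"{evaluate(POLICY, action, resource):14} {action} on {resource}")
```

The `UpdateTimeToLive` result shows that table settings outside the four denied actions remain reachable through `dynamodb:*`; for the authoritative answer in a real account, use the IAM policy simulator.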