Created July 27, 2016 12:07 (gist thiagocaiubi/8998e71cc9c65d2c50102ba72eebe999)
IAM Roles DynamoDB
You could apply this policy to an IAM user to give it full access to a table named 'TABLE_NAME' and its indices, while explicitly denying table creation, deletion and updates, as well as reserved-capacity purchases:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowWorkWithData",
            "Effect": "Allow",
            "Action": [
                "dynamodb:*"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME",
                "arn:aws:dynamodb:us-east-1:1234567890:table/TABLE_NAME/index/*"
            ]
        },
        {
            "Sid": "DenyTableModification",
            "Effect": "Deny",
            "Action": [
                "dynamodb:CreateTable",
                "dynamodb:DeleteTable",
                "dynamodb:UpdateTable",
                "dynamodb:PurchaseReservedCapacityOfferings"
            ],
            "Resource": "arn:aws:dynamodb:us-east-1:1234567890:*"
        }
    ]
}
You can replace the table name with '*' (without quotes) to cover any table, and the region with '*' as well to apply the policy to all regions.
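To see which requests the policy above actually permits, here is an added example (not part of the original gist) that evaluates its two statements with a simplified model of IAM's decision logic. It assumes a single identity policy with no Condition, NotAction, permissions boundary or SCP; the sample requests, the index name `by-date` and the table `OTHER_TABLE` are constructed.

```python
from fnmatch import fnmatchcase

ACCT = "arn:aws:dynamodb:us-east-1:1234567890"  # placeholder ARN prefix from the page
POLICY = {"Version": "2012-10-17", "Statement": [   # the page's policy, Sids omitted
    {"Effect": "Allow",
     "Action": ["dynamodb:*"],
     "Resource": [f"{ACCT}:table/TABLE_NAME", f"{ACCT}:table/TABLE_NAME/index/*"]},
    {"Effect": "Deny",
     "Action": ["dynamodb:CreateTable", "dynamodb:DeleteTable",
                "dynamodb:UpdateTable", "dynamodb:PurchaseReservedCapacityOfferings"],
     "Resource": f"{ACCT}:*"},
]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM wildcards: '*' (any run of characters) and '?' (a single character).
    if ignore_case:
        value = value.lower()
    return any(fnmatchcase(value, p.lower() if ignore_case else p)
               for p in _as_list(patterns))

def evaluate(policy, action, resource):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    decision = "ImplicitDeny"          # nothing is allowed until a statement says so
    for stmt in _as_list(policy["Statement"]):
        if not (_matches(stmt["Action"], action, ignore_case=True)  # action names ignore case
                and _matches(stmt["Resource"], resource)):
            continue
        if stmt["Effect"] == "Deny":
            return "ExplicitDeny"      # an explicit deny overrides any matching allow
        decision = "Allow"
    return decision

REQUESTS = [  # constructed sample requests
    ("dynamodb:PutItem", f"{ACCT}:table/TABLE_NAME"),
    ("dynamodb:Query", f"{ACCT}:table/TABLE_NAME/index/by-date"),
    ("dynamodb:DeleteItem", f"{ACCT}:table/TABLE_NAME"),   # item deletes stay allowed
    ("dynamodb:DeleteTable", f"{ACCT}:table/TABLE_NAME"),
    ("dynamodb:UpdateTable", f"{ACCT}:table/TABLE_NAME"),
    ("dynamodb:GetItem", f"{ACCT}:table/OTHER_TABLE"),     # outside the Allow's resources
]

if __name__ == "__main__":
    for action, resource in REQUESTS:
        print(f"{evaluate(POLICY, action, resource):13} {action:24} {resource}")
```

The Deny statement only blocks table-level operations: `DeleteItem` and `BatchWriteItem` remain allowed by `dynamodb:*`, so the user can still remove every item in the table.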