We use IAM for authentication and access management for DynamoDB.
To sign in to the console, we define users that have sufficient privileges to access DynamoDB resources.
We use IAM roles and policies to access the DynamoDB tables and perform read/write operations. When we use IAM roles, temporary tokens are created to authenticate and provide access to DynamoDB resources.
If we have applications running on EC2 instances, we can map IAM roles to those instances to grant permission to access the DynamoDB resources.
When we define an IAM policy to grant permission on DynamoDB, we can define conditions under which the permissions take effect.
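As an added illustration of such conditions (not a policy from the original page), the following identity policy allows item reads and writes only when the partition key equals the caller's identity and only for a fixed set of attributes. The account ID, region, table name `ExampleTable`, the attribute names, and the assumption that callers obtain their role through Amazon Cognito are all constructed for this example.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleReadWriteOwnItemsOnly",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:Query",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"],
          "dynamodb:Attributes": ["UserId", "Score", "UpdatedAt"]
        },
        "StringEqualsIfExists": {
          "dynamodb:Select": "SPECIFIC_ATTRIBUTES",
          "dynamodb:ReturnValues": ["NONE", "UPDATED_OLD", "UPDATED_NEW"]
        }
      }
    }
  ]
}
```

`dynamodb:Scan` is deliberately left out of the action list: a `ForAllValues` condition is satisfied when the request supplies no value for the key, so a scan would not be constrained by `dynamodb:LeadingKeys`.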
Let's understand a few permission use cases:
- Grant permissions on a table, but restrict access to ...