How to give access to a DynamoDB table?

In IAM I tried creating the following policy for a user (account id in arn obfuscated):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "arn:aws:dynamodb:us-west-2:999999999999:table/busUsers"
        }
    ]
}

However, it resulted in:

This policy defines some actions, resources, or conditions that do not provide permissions. To grant access, policies must have an action that has an applicable resource or condition. For details, choose Show remaining Learn more

Show remaining shows:

One or more actions do not have an applicable resource.

I looked up the Learn more link and it says to replace the arn in the Resource element with *. I am confused now. What does * mean? I want to grant access to a specific DynamoDB table of mine. How do I specify that?


EDIT: I removed all DynamoDB actions and just selected one GetItem and it's: [screenshot]

When I deselect GetItem, both error messages go away. When I select table Any, the first error message goes away. When I select Resource Any, the second error message goes away.

Old Geezer asked Dec 29 '17 15:12


1 Answer

It's because you are granting permissions for all dynamodb actions to a table resource, but not all of those actions are actually applicable to a table.

For example dynamodb:DescribeStream is not applicable to a table, only to a Stream, but you are granting permission to this resource anyway.

You can safely ignore this warning.

EDIT: You may not have realised you can just click Save Policy and it will work fine.

EDIT: Thanks for posting your screenshot. There are no errors here, just warnings, which might be better called tips in this case.

When you enter the ARN of a resource manually, AWS does not appear to recognise what type of resource it is (i.e. a table). If you add the resource through the table ARN generator, you won't get any warnings. In either case you end up with the same policy.

F_SO_K answered Sep 21 '22 12:09
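Added example (not part of the original answer, and not AWS's own console logic): a small Python check that follows the reasoning in the answer, splitting the actions a statement matches into those that accept the listed resource type and those that do not. The action table is a hand-written subset for illustration, and `resource_type` and `split_actions` are hypothetical helper names.

```python
import fnmatch

# Constructed subset of DynamoDB actions -> resource types each one accepts.
# "*" means the action has no resource type and only matches Resource "*".
ACTION_RESOURCE_TYPES = {
    "dynamodb:GetItem": {"table"},
    "dynamodb:PutItem": {"table"},
    "dynamodb:UpdateItem": {"table"},
    "dynamodb:DeleteItem": {"table"},
    "dynamodb:DescribeTable": {"table"},
    "dynamodb:Query": {"table", "index"},
    "dynamodb:Scan": {"table", "index"},
    "dynamodb:DescribeStream": {"stream"},
    "dynamodb:GetRecords": {"stream"},
    "dynamodb:GetShardIterator": {"stream"},
    "dynamodb:ListTables": {"*"},
}

# The statement from the question (account id obfuscated there as well).
STATEMENT = {"Effect": "Allow", "Action": "dynamodb:*",
             "Resource": "arn:aws:dynamodb:us-west-2:999999999999:table/busUsers"}

def resource_type(arn):
    """Classify a Resource value as 'table', 'index', 'stream', '*' or 'other'."""
    if arn == "*":
        return "*"
    fields = arn.split(":", 5)
    parts = fields[5].split("/") if len(fields) == 6 else []
    if len(parts) == 2 and parts[0] == "table":
        return "table"                      # table/<name>
    if len(parts) == 4 and parts[0] == "table" and parts[2] in ("index", "stream"):
        return parts[2]                     # table/<name>/index|stream/<id>
    return "other"

def split_actions(statement):
    """Return (applicable, not_applicable) known actions for one statement."""
    as_list = lambda v: [v] if isinstance(v, str) else list(v)
    actions = [a.lower() for a in as_list(statement["Action"])]  # IAM ignores case
    types = {resource_type(r) for r in as_list(statement["Resource"])}
    applicable, not_applicable = [], []
    for name, accepted in sorted(ACTION_RESOURCE_TYPES.items()):
        if any(fnmatch.fnmatchcase(name.lower(), a) for a in actions):
            ok = "*" in types or bool(accepted & types)
            (applicable if ok else not_applicable).append(name)
    return applicable, not_applicable

if __name__ == "__main__":
    granted, unused = split_actions(STATEMENT)
    print("granted on the table:", granted, "\nno applicable resource:", unused)
```

To scope the grant more tightly than `dynamodb:*`, list the table-level actions explicitly and add the `/index/*` or `/stream/*` ARNs only for the actions that need them.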