DynamoDBquery~30 mins

Condition keys for row-level security in DynamoDB - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Condition keys for row-level security

📖 Scenario: You are building a simple user data table in DynamoDB. Each user should only be able to access their own data. To do this, you will use condition keys to enforce row-level security.

🎯 Goal: Create a DynamoDB table with user data, set up a condition key for user ID, and write a policy condition that allows access only to the user's own data.

📋 What You'll Learn

Create a DynamoDB table named UserData with a primary key UserId (string).

Create a variable user_id with the value "user123".

Write a condition expression that allows access only when UserId equals user_id.

Add a policy statement that uses the condition expression for row-level security.

💡 Why This Matters

🌍 Real World

Row-level security is important in applications where users should only see or modify their own data, such as personal profiles, orders, or messages.

💼 Career

Understanding how to use condition keys in DynamoDB policies is valuable for roles in cloud security, backend development, and database administration.

Progress0 / 4 steps

Create the DynamoDB table structure

Create a DynamoDB table named UserData with a primary key called UserId of type string.

DynamoDB

# Define the DynamoDB table structure
# Your code here

Need a hint?

Use a dictionary to define the table with TableName, KeySchema, and AttributeDefinitions.

Set the user ID variable

Create a variable called user_id and set it to the string "user123".

DynamoDB

UserData = {
    'TableName': 'UserData',
    'KeySchema': [
        {'AttributeName': 'UserId', 'KeyType': 'HASH'}
    ],
    'AttributeDefinitions': [
        {'AttributeName': 'UserId', 'AttributeType': 'S'}
    ],
    'ProvisionedThroughput': {
        'ReadCapacityUnits': 5,
        'WriteCapacityUnits': 5
    }
}
# Create the user_id variable
# Your code here

Need a hint?

Assign the string "user123" to the variable user_id.

Write the condition expression for row-level security

Create a variable called condition_expression that checks if UserId equals user_id using the expression "UserId = :user_id".

DynamoDB

UserData = {
    'TableName': 'UserData',
    'KeySchema': [
        {'AttributeName': 'UserId', 'KeyType': 'HASH'}
    ],
    'AttributeDefinitions': [
        {'AttributeName': 'UserId', 'AttributeType': 'S'}
    ],
    'ProvisionedThroughput': {
        'ReadCapacityUnits': 5,
        'WriteCapacityUnits': 5
    }
}

user_id = "user123"
# Create the condition_expression variable
# Your code here

Need a hint?

Use a string to represent the condition expression comparing UserId to :user_id.

Add the policy statement with the condition

Create a dictionary called policy_statement with the keys Effect set to "Allow", Action set to ["dynamodb:GetItem"], Resource set to "arn:aws:dynamodb:::table/UserData", and Condition set to a dictionary with key "ForAllValues:StringEquals" mapping to a dictionary with "dynamodb:LeadingKeys" equal to a list containing user_id.

DynamoDB

UserData = {
    'TableName': 'UserData',
    'KeySchema': [
        {'AttributeName': 'UserId', 'KeyType': 'HASH'}
    ],
    'AttributeDefinitions': [
        {'AttributeName': 'UserId', 'AttributeType': 'S'}
    ],
    'ProvisionedThroughput': {
        'ReadCapacityUnits': 5,
        'WriteCapacityUnits': 5
    }
}

user_id = "user123"

condition_expression = "UserId = :user_id"
# Create the policy_statement dictionary
# Your code here

Need a hint?

Use a dictionary with keys Effect, Action, Resource, and Condition to define the policy statement.