Which condition key setup correctly enforces this in an IAM policy?
hard🚀 Application Q15 of 15
DynamoDB - Security and Access Control
You want to enforce row-level security so that users can only update their own items in a DynamoDB table with partition key userId and sort key itemId. Which condition key setup correctly enforces this in an IAM policy?
Partition key userId determines ownership; sort key itemId identifies specific items within a user's partition.
Step 2: Identify correct condition
StringEquals on dynamodb:LeadingKeys with an array of [${aws:userid}, ${aws:itemid}] checks both partition and sort keys match, enforcing row-level security for specific items.
Final Answer:
"Condition": {"StringEquals": {"dynamodb:LeadingKeys": ["${aws:userid}", "${aws:itemid}"]}} -> Option B
Quick Check:
StringEquals dynamodb:LeadingKeys with array = partition and sort key match [OK]
Quick Trick:Use array in dynamodb:LeadingKeys to match partition and sort keys [OK]
Common Mistakes:
MISTAKES
Using dynamodb:Attributes for primary key value checks
Applying ForAllValues:StringEquals which mismatches sort key
Using single string instead of array for both keys
Master "Security and Access Control" in DynamoDB
9 interactive learning modes - each teaches the same concept differently
