Bird
0
0

Given this IAM policy snippet, which items can the user access?

medium📝 query result Q13 of 15
DynamoDB - Security and Access Control
Given this IAM policy snippet, which items can the user access?
{
  "Effect": "Allow",
  "Action": "dynamodb:GetItem",
  "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
  "Condition": {
    "ForAllValues:StringEquals": {
      "dynamodb:LeadingKeys": ["user123"]
    }
  }
}
AAll items in the Orders table
BOnly items with partition key 'user123'
CItems with any partition key except 'user123'
DNo items, because the policy is invalid
Step-by-Step Solution
Solution:

  1. Step 1: Analyze the IAM policy condition

    The condition restricts access to items where the partition key matches 'user123'.

  2. Step 2: Determine accessible items

    Only items with partition key 'user123' are accessible; others are denied.

  3. Final Answer:

    Only items with partition key 'user123' -> Option B

  4. Quick Check:

    Condition limits to 'user123' keys [OK]
Quick Trick: Check the LeadingKeys value to find accessible items [OK]
Common Mistakes:
MISTAKES
  • Assuming access to all items
  • Thinking policy denies all access
  • Ignoring the condition block

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More DynamoDB Quizzes
Access Patterns and Query Optimization - Why access patterns drive design - Quiz 13medium Access Patterns and Query Optimization - Hot partition prevention - Quiz 3easy Backup and Recovery - Import from S3 - Quiz 7medium Cost Optimization and Monitoring - On-demand vs provisioned cost comparison - Quiz 8hard Cost Optimization and Monitoring - Reserved capacity - Quiz 3easy Cost Optimization and Monitoring - Cost estimation for access patterns - Quiz 14medium DynamoDB with AWS SDK - Expressions with SDK helpers - Quiz 3easy DynamoDB with AWS SDK - Expressions with SDK helpers - Quiz 6medium DynamoDB with Serverless - Lambda function with DynamoDB - Quiz 9hard Security and Access Control - IAM policy for DynamoDB - Quiz 12easy