Bird
0
0

You wrote this IAM policy condition:

medium📝 Debug Q6 of 15
DynamoDB - Security and Access Control
You wrote this IAM policy condition:
{"Condition": {"StringEquals": {"dynamodb:LeadingKeys": "user123"}}}

Why might this cause an error when enforcing fine-grained access control?
AThe policy must use StringNotEquals instead
BStringEquals is not a valid condition operator
Cdynamodb:LeadingKeys expects a list, not a single string
DLeadingKeys cannot be used in conditions
Step-by-Step Solution
Solution:

  1. Step 1: Check expected data type for dynamodb:LeadingKeys

    dynamodb:LeadingKeys requires a list of strings, even if only one key is specified.

  2. Step 2: Identify the error in the policy

    The policy uses a single string instead of a list, causing a syntax or runtime error.

  3. Final Answer:

    dynamodb:LeadingKeys expects a list, not a single string -> Option C

  4. Quick Check:

    LeadingKeys must be a list in IAM conditions [OK]
Quick Trick: Always use a list for dynamodb:LeadingKeys values [OK]
Common Mistakes:
MISTAKES
  • Using a single string instead of a list
  • Misusing condition operators

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More DynamoDB Quizzes
Access Patterns and Query Optimization - Why access patterns drive design - Quiz 13medium Access Patterns and Query Optimization - Hot partition prevention - Quiz 3easy Backup and Recovery - Import from S3 - Quiz 7medium Cost Optimization and Monitoring - On-demand vs provisioned cost comparison - Quiz 8hard Cost Optimization and Monitoring - Reserved capacity - Quiz 3easy Cost Optimization and Monitoring - Cost estimation for access patterns - Quiz 14medium DynamoDB with AWS SDK - Expressions with SDK helpers - Quiz 3easy DynamoDB with AWS SDK - Expressions with SDK helpers - Quiz 6medium DynamoDB with Serverless - Lambda function with DynamoDB - Quiz 9hard Security and Access Control - IAM policy for DynamoDB - Quiz 12easy