DynamoDBquery~30 mins

IAM policy for DynamoDB - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

IAM Policy for DynamoDB

📖 Scenario: You are setting up permissions for a cloud application that uses DynamoDB to store user data. To keep the data safe, you need to create an IAM policy that allows only specific actions on a specific DynamoDB table.

🎯 Goal: Create an IAM policy JSON that grants permission to read and write items on a DynamoDB table named UserData.

📋 What You'll Learn

Create a policy document with version 2012-10-17.

Allow the actions dynamodb:GetItem, dynamodb:PutItem, and dynamodb:UpdateItem.

Restrict the permissions to the DynamoDB table named UserData.

Use the correct resource ARN format for the DynamoDB table.

💡 Why This Matters

🌍 Real World

IAM policies control who can access cloud resources and what actions they can perform. Creating precise policies helps keep data secure.

💼 Career

Cloud engineers and developers often write IAM policies to secure access to databases like DynamoDB in real projects.

Progress0 / 4 steps

Create the basic IAM policy structure

Create a dictionary called policy with a key Version set to the string "2012-10-17" and an empty list for the key Statement.

DynamoDB

policy = {
    "Version": "2012-10-17",
    "Statement": []
}
# Your code here

Need a hint?

Start by creating the main dictionary with the version and an empty statement list.

Add the resource ARN for the DynamoDB table

Create a variable called table_arn and set it to the string "arn:aws:dynamodb:*:*:table/UserData" which represents the ARN of the DynamoDB table named UserData.

DynamoDB

policy = {
    "Version": "2012-10-17",
    "Statement": []
}

# Your code here

Need a hint?

Use the correct ARN format for DynamoDB tables with wildcards for region and account.

Add the statement with allowed actions

Add a dictionary to policy["Statement"] with keys: Effect set to "Allow", Action set to a list containing "dynamodb:GetItem", "dynamodb:PutItem", and "dynamodb:UpdateItem", and Resource set to the variable table_arn.

DynamoDB

policy = {
    "Version": "2012-10-17",
    "Statement": []
}

table_arn = "arn:aws:dynamodb:*:*:table/UserData"

# Your code here

Need a hint?

Make sure the statement dictionary is inside the Statement list and uses the variable table_arn for the resource.

Complete the IAM policy JSON

Ensure the policy dictionary is fully formed with the version, statement list containing the allow statement for the specified actions on table_arn. This is the final IAM policy JSON.

DynamoDB

policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": table_arn
        }
    ]
}

# Your code here

Need a hint?

Review the entire policy dictionary to confirm it matches the required structure and values.