[Solved] An IAM policy includes:{"Effect": "Allow", "Action": "dynamodb:UpdateItem", "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Users", "Condition": {"StringEquals": {"dynamodb:LeadingKeys":... | DynamoDB

DynamoDB - Security and Access Control

An IAM policy includes:

{"Effect": "Allow", "Action": "dynamodb:UpdateItem", "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Users", "Condition": {"StringEquals": {"dynamodb:LeadingKeys": ["user123"]}}

but updates fail. What is the likely cause?

AEffect should be Deny to allow updates.

BThe Condition restricts updates to items with partition key 'user123'.

CThe Resource ARN is missing the index name.

DThe Action 'UpdateItem' is invalid.

Step-by-Step Solution

Solution:

Step 1: Understand the Condition element
The Condition restricts updates to items whose partition key matches 'user123'.
Step 2: Reason why updates fail
If the update targets an item with a different key, it will be denied due to this Condition.
Final Answer:
The Condition restricts updates to items with partition key 'user123'. -> Option B
Quick Check:
Condition limits allowed keys [OK]

Quick Trick: Conditions can restrict which items are accessible [OK]

Common Mistakes:

MISTAKES

Ignoring Condition restrictions
Thinking Action is invalid
Assuming Resource must include index

Master "Security and Access Control" in DynamoDB

9 interactive learning modes - each teaches the same concept differently

Learn Why Deep Visual Try Challenge Project Recall Time

More DynamoDB Quizzes

An IAM policy includes:

Step 1: Understand the Condition element

Step 2: Reason why updates fail

Final Answer:

Quick Check:

Want More Practice?