Hard · Application · Q9 of 15
DynamoDB - Security and Access Control
You need to allow a Lambda function to write to a DynamoDB table only if the item's partition key starts with 'user#'. How can you enforce this in the IAM policy?
A. Set Resource ARN to 'arn:aws:dynamodb:::table/user#*'.
B. Use a Condition with StringLike on 'dynamodb:LeadingKeys' set to 'user#*'.
C. Allow all writes and filter in the Lambda code.
D. Use Effect Deny for keys not starting with 'user#'.
Step-by-Step Solution
  1. Step 1: Use Condition to restrict partition keys

    The 'dynamodb:LeadingKeys' condition key can restrict access based on partition key patterns.
  2. Step 2: Apply StringLike operator for prefix matching

    Using StringLike with 'user#*' matches any key starting with 'user#'.
  3. Final Answer:

    Use a Condition with StringLike on 'dynamodb:LeadingKeys' set to 'user#*'. -> Option B
  4. Quick Check:

    Condition with StringLike restricts keys by prefix [OK]
Quick Trick: Use StringLike on dynamodb:LeadingKeys for prefix match [OK]
Common Mistakes:
  • Trying to use wildcards in Resource ARN
  • Allowing all writes without restriction
  • Using Deny instead of Condition for prefix
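
Option B written out as an identity policy for the Lambda execution role, as an added illustration that is not part of the original quiz. The region, account ID, table name and Sid are constructed placeholders, and the ForAllValues set operator is included because dynamodb:LeadingKeys is a multivalued condition key.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleWriteOnlyUserPrefixedKeys",
      "Effect": "Allow",
      "Action": [
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:BatchWriteItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable",
      "Condition": {
        "ForAllValues:StringLike": {
          "dynamodb:LeadingKeys": ["user#*"]
        }
      }
    }
  ]
}
```

Only item-level write actions are listed because ForAllValues also evaluates to true when a request carries no key values at all, so this condition should not be the sole guard on actions such as Scan.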
