DynamoDBquery~30 mins

Why IAM policies protect data in DynamoDB - See It in Action

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Why IAM Policies Protect Data in DynamoDB

📖 Scenario: You are managing a DynamoDB table that stores customer orders for an online store. You want to make sure only authorized users can read or write data to this table.

🎯 Goal: Build a simple IAM policy that controls access to a DynamoDB table called Orders. This policy will protect the data by allowing only specific actions.

📋 What You'll Learn

Create a JSON object representing an IAM policy

Include a policy Version and Statement array

Add a statement that allows dynamodb:GetItem and dynamodb:PutItem actions

Restrict the policy to the Orders table ARN

Add a condition to allow access only if the request comes from a specific AWS account ID

💡 Why This Matters

🌍 Real World

IAM policies are essential for securing data in cloud databases by controlling who can read or write data.

💼 Career

Understanding IAM policies is critical for cloud administrators and developers to protect sensitive data and comply with security standards.

Progress0 / 4 steps

Create the basic IAM policy structure

Create a variable called iam_policy and assign it a dictionary with the key Version set to "2012-10-17" and an empty list for the key Statement.

DynamoDB

iam_policy = {
    "Version": "2012-10-17",
    "Statement": []
}
# Your code here

Need a hint?

The policy needs a version and a place to add statements.

Add a statement to allow read and write actions

Add a dictionary to the Statement list in iam_policy with the keys: Effect set to "Allow", Action set to a list containing "dynamodb:GetItem" and "dynamodb:PutItem", and Resource set to the string "arn:aws:dynamodb:us-east-1:123456789012:table/Orders".

DynamoDB

iam_policy = {
    "Version": "2012-10-17",
    "Statement": [
        # Add the statement dictionary here
    ]
}
# Your code here

Need a hint?

The statement must allow specific actions on the Orders table.

Add a condition to restrict access by AWS account ID

Inside the statement dictionary in iam_policy["Statement"], add a Condition key with a dictionary that uses StringEquals to restrict aws:PrincipalAccount to "123456789012".

DynamoDB

iam_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
            # Add the Condition dictionary here
        }
    ]
}
# Your code here

Need a hint?

The condition limits access to a specific AWS account.

Complete the IAM policy with all parts combined

Ensure the iam_policy variable contains the full dictionary with Version, one Statement that has Effect, Action, Resource, and Condition restricting access to the Orders table for AWS account 123456789012.

DynamoDB

iam_policy = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem"],
            "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/Orders",
            "Condition": {
                "StringEquals": {
                    "aws:PrincipalAccount": "123456789012"
                }
            }
        }
    ]
}
# Your code here

Need a hint?

Review all parts to make sure the policy is complete and correct.