[Solved] A developer wrote this IAM policy to allow reading from a DynamoDB table but it doesn't work:{ "Effect": "Allow", "Action": "dynamodb:GetItem", "Resource":... | DynamoDB

DynamoDB - Security and Access Control

A developer wrote this IAM policy to allow reading from a DynamoDB table but it doesn't work:

{
  "Effect": "Allow",
  "Action": "dynamodb:GetItem",
  "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table"
}

What is the error?

AThe Action dynamodb:GetItem is invalid

BThe Resource ARN is incomplete; it must specify the table name

CEffect should be Deny to allow access

DThe policy must include a Condition block

Step-by-Step Solution

Solution:

Step 1: Check the Resource ARN format
The ARN ends with :table but lacks the specific table name, so it is incomplete.
Step 2: Understand ARN requirements for DynamoDB
IAM policies require full ARN including the table name to apply permissions correctly.
Final Answer:
The Resource ARN is incomplete; it must specify the table name -> Option B
Quick Check:
Complete ARN needed for resource [OK]

Quick Trick: Always include full table name in ARN [OK]

Common Mistakes:

MISTAKES

Master "Security and Access Control" in DynamoDB

9 interactive learning modes - each teaches the same concept differently

More DynamoDB Quizzes

A developer wrote this IAM policy to allow reading from a DynamoDB table but it doesn't work: