
hard · Application · Q15 of 15
DynamoDB - Security and Access Control
You want to protect sensitive data in your DynamoDB table by allowing only users with a specific IAM role to update items. Which approach best uses IAM policies to achieve this?
A. Create an IAM policy that allows dynamodb:UpdateItem only for the role's ARN on the table resource
B. Grant all users dynamodb:UpdateItem permission and rely on application code to check roles
C. Use a policy that denies dynamodb:UpdateItem for everyone except the root user
D. Create a policy allowing dynamodb:UpdateItem on all tables for all users
Step-by-Step Solution
Solution:
  1. Step 1: Identify the need for role-based permission

    Only users with a specific IAM role should update items, so permissions must be scoped to that role.
  2. Step 2: Use IAM policy to allow UpdateItem only for that role on the table

    Creating a policy that allows dynamodb:UpdateItem only for the role's ARN on the table resource enforces this securely.
  3. Final Answer:

    Create an IAM policy that allows dynamodb:UpdateItem only for the role's ARN on the table resource -> Option A
  4. Quick Check:

    Role-based IAM policy controls updates [OK]
Quick Trick: Scope permissions to specific role and resource [OK]
Common Mistakes:
  • Relying on app code instead of IAM
  • Using overly broad permissions
  • Denying everyone except root is too restrictive
