Filtering a list of tables through IAM in the DynamoDB admin interface

I am trying to filter a list of table names in the DynamoDB admin user interface using IAM.

When I use this policy, it displays all the tables:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "XXXXXXX",
      "Effect": "Allow",
      "Action": [
        "dynamodb:DescribeTable",
        "dynamodb:ListTables"
      ],
      "Resource": [
        "*"
      ]
    }
  ]
}

When I use this policy, it does not show anything (just the message "Not authorized"):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "XXXXXXX",
      "Effect": "Allow",
      "Action": [
        "dynamodb:DescribeTable",
        "dynamodb:ListTables"
      ],
      "Resource": [
        "us-east-1:XXXXXXXXXXX:table/table_to_show"
      ]
    }
  ]
}

Does anyone know if this is possible?

+4
2 answers

There are two problems in your policy.

As stated in the comment above, the URN is wrong; it should start with arn:aws:dynamodb:*

ListTables dynamoDB AWS

You can use resource-level ARNs in IAM policies for all DynamoDB actions, with the exception of ListTables. The ListTables action returns the table names owned by the current account making the request for the current region; it is the only DynamoDB action that does not support resource-level ARN policies.

, , , DescribeTable

, ListTables "Resource":["*"]

+3
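
As an added example (not part of the question or the answers), the checker below flags the two problems the answer above names: a resource string that is not a full DynamoDB table ARN, and `dynamodb:ListTables` granted on anything other than `"*"`. It assumes statements that contain only DynamoDB actions and full six-field table ARNs; the account id `123456789012` and the helper names are constructed for illustration.

```python
# Added example: lint an IAM policy for the two DynamoDB problems named above.
NO_RESOURCE_LEVEL = {"dynamodb:ListTables"}  # per the AWS text quoted in the answer

def as_list(value):
    # IAM allows a single string or a list for Action, Resource and Statement.
    return value if isinstance(value, list) else [value]

def is_dynamodb_table_arn(res):
    # Expected shape: arn:<partition>:dynamodb:<region>:<account>:table/<name>
    parts = res.split(":", 5)
    return (len(parts) == 6 and parts[0] == "arn"
            and parts[2] == "dynamodb" and parts[5].startswith("table/"))

def lint_policy(policy):
    """Return human-readable findings; an empty list means neither problem is present."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        resources = as_list(stmt.get("Resource", []))
        for res in resources:
            if res != "*" and not is_dynamodb_table_arn(res):
                findings.append(f"malformed ARN: {res}")
        for action in sorted(set(as_list(stmt.get("Action", []))) & NO_RESOURCE_LEVEL):
            if "*" not in resources:
                findings.append(f'{action} requires "Resource": "*"')
    return findings

def statement(actions, resources):
    return {"Effect": "Allow", "Action": actions, "Resource": resources}

def policy(*statements):
    return {"Version": "2012-10-17", "Statement": list(statements)}

# Constructed samples. The account id 123456789012 is a placeholder.
TABLE = "arn:aws:dynamodb:us-east-1:123456789012:table/table_to_show"
BOTH = ["dynamodb:DescribeTable", "dynamodb:ListTables"]

QUESTION_POLICY = policy(statement(BOTH, ["us-east-1:XXXXXXXXXXX:table/table_to_show"]))
ARN_FIXED_ONLY = policy(statement(BOTH, [TABLE]))  # still fails: ListTables is scoped
SPLIT_POLICY = policy(
    statement(["dynamodb:ListTables"], ["*"]),      # must stay unscoped
    statement(["dynamodb:DescribeTable"], [TABLE]),  # scoped to the one table
)

if __name__ == "__main__":
    for name, p in [("question", QUESTION_POLICY), ("arn fixed", ARN_FIXED_ONLY),
                    ("split", SPLIT_POLICY)]:
        print(name, lint_policy(p))
```

Even with the split policy, ListTables still returns every table name in the account and region; only DescribeTable is limited to the one table.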

, ARN Dynamo DB .

"Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Books"

IAM DynamoDB.


            "dynamodb:ListTables",
            "dynamodb:DescribeTable",
            "dynamodb:GetItem",
            "dynamodb:BatchGetItem",
            "dynamodb:Query",
            "dynamodb:Scan"
+2

Source: https://habr.com/ru/post/1528087/

