Posted On: Mar 31, 2024

Amazon DynamoDB now supports resource-based policies in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. Resource-based policies help you simplify access control to your DynamoDB resources. With resource-based policies, you can specify the Identity and Access Management (IAM) principals that have access to a resource and what actions they can perform on it. You can attach a resource-based policy to a DynamoDB table or a stream. The resource-based policy that you attach to a table can include access permissions to its indexes. With resource-based policies, you can also simplify cross-account access control for sharing resources with IAM principals of different Amazon Web Services accounts.

Resource-based policies integrate with IAM Access Analyzer and Block Public Access (BPA). IAM Access Analyzer reports cross-account access granted to external entities specified in resource-based policies, and provides visibility to help you refine permissions and conform to least privilege. BPA helps you prevent public access to your DynamoDB tables, indexes, and streams, and is automatically enabled in the resource-based policy creation and modification workflows.
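The table policy described above, and the two kinds of grant that Access Analyzer and BPA are concerned with, can be illustrated with a local pre-deployment check. This is an added example, not Amazon's code or the services' actual evaluation logic; the account IDs, table name, role names and `Sid` values are constructed placeholders, and the check is a simplified approximation that ignores `Condition` blocks.

```python
import re

OWNER = "111122223333"  # constructed placeholder account ID
TABLE = f"arn:aws-cn:dynamodb:cn-north-1:{OWNER}:table/Orders"  # aws-cn partition

# Constructed table policy (names and account IDs are placeholders).
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PartnerRead", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws-cn:iam::444455556666:role/Reader"},
     "Action": ["dynamodb:GetItem", "dynamodb:Query"],
     "Resource": [TABLE, TABLE + "/index/*"]},
    {"Sid": "SameAccountWrite", "Effect": "Allow",
     "Principal": {"AWS": f"arn:aws-cn:iam::{OWNER}:role/App"},
     "Action": "dynamodb:PutItem", "Resource": TABLE},
    {"Sid": "TooOpen", "Effect": "Allow", "Principal": "*",
     "Action": "dynamodb:Scan", "Resource": TABLE},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def principals(stmt):
    """Flatten Principal, which may be "*", a string, or {"AWS": ...}."""
    p = stmt.get("Principal", [])
    return as_list(p.get("AWS", [])) if isinstance(p, dict) else as_list(p)

def account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM ARN, else None."""
    if re.fullmatch(r"\d{12}", principal):
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 5 and parts[0] == "arn" else None

def audit(policy, owner):
    """Return (Sid, finding) pairs for every Allow statement."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for p in principals(stmt):
            acct = account_of(p)
            if p == "*":  # anyone: the kind of grant BPA is meant to stop
                findings.append((sid, "public"))
            elif acct and acct != owner:  # external account: Access Analyzer's concern
                findings.append((sid, "cross-account:" + acct))
        # A table policy can also grant access to the table's indexes.
        if any("/index/" in r for r in as_list(stmt.get("Resource", []))):
            findings.append((sid, "covers-indexes"))
    return findings
```

Calling `audit(POLICY, OWNER)` flags the external role in `PartnerRead`, notes that the same statement reaches the table's indexes, and marks `TooOpen` as public; the same-account statement produces no finding.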

You can get started with resource-based policies by using the Amazon Web Services Management Console, Amazon API, Amazon CLI, Amazon SDK, or Amazon CloudFormation. There is no additional cost to use the feature. Learn more at Using resource-based policies with DynamoDB.