IAM permissions
If you want to set up a separate IAM user for Dynamic DynamoDB, then you need to grant the user the following privileges:
cloudwatch:GetMetricStatistics
dynamodb:DescribeTable
dynamodb:ListTables
dynamodb:UpdateTable
sns:Publish (used by the SNS notifications feature)
Example IAM policy
Here’s an example IAM policy. Please make sure you update the ARNs according to your needs.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeTable",
                "dynamodb:ListTables",
                "dynamodb:UpdateTable",
                "cloudwatch:GetMetricStatistics"
            ],
            "Resource": [
                "*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish"
            ],
            "Resource": [
                "arn:aws:sns:*::dynamic-dynamodb"
            ]
        }
    ]
}
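A scoped variant of the policy above, as an added example (not part of the Dynamic DynamoDB documentation): dynamodb:DescribeTable and dynamodb:UpdateTable accept table ARNs, while dynamodb:ListTables and cloudwatch:GetMetricStatistics do not support resource-level permissions and keep "*". The function names, account ID, region and table names are constructed for illustration.

```python
import json

# Actions from the page that have no resource-level support: "*" is required.
UNSCOPED = ("dynamodb:ListTables", "cloudwatch:GetMetricStatistics")
# Actions from the page that can be restricted to specific table ARNs.
TABLE_SCOPED = ("dynamodb:DescribeTable", "dynamodb:UpdateTable")


def build_policy(region, account_id, tables, sns_topic=None):
    """Build a policy limited to the named tables (hypothetical helper)."""
    if not (account_id.isdigit() and len(account_id) == 12):
        raise ValueError("account_id must be a 12-digit string")
    if not tables:
        raise ValueError("at least one table name is required")
    prefix = f"arn:aws:dynamodb:{region}:{account_id}:table/"
    statements = [
        {"Effect": "Allow", "Action": list(UNSCOPED), "Resource": ["*"]},
        {"Effect": "Allow", "Action": list(TABLE_SCOPED),
         "Resource": [prefix + name for name in tables]},
    ]
    if sns_topic:  # only needed when SNS notifications are enabled
        statements.append({
            "Effect": "Allow",
            "Action": ["sns:Publish"],
            "Resource": [f"arn:aws:sns:{region}:{account_id}:{sns_topic}"],
        })
    return {"Version": "2012-10-17", "Statement": statements}


def overbroad_actions(policy):
    """Return table-scopable actions that the policy still allows on '*'."""
    found = []
    for stmt in policy["Statement"]:
        actions, resources = stmt["Action"], stmt["Resource"]
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        if stmt["Effect"] == "Allow" and "*" in resources:
            found += [a for a in actions if a in TABLE_SCOPED]
    return found


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    policy = build_policy("us-east-1", "123456789012",
                          ["orders", "sessions"], "dynamic-dynamodb")
    print(json.dumps(policy, indent=4))
    print("still on '*':", overbroad_actions(policy))
```

Every table Dynamic DynamoDB is configured to manage has to appear in tables, otherwise its DescribeTable and UpdateTable calls for that table are denied.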