Creating a DynamoDB read-only group using AWS IAM
In this recipe, we will create a user group that has read-only access to DynamoDB.
Getting ready
To perform this recipe, you need to know how to access the DynamoDB console.
How to do it…
Let's create a read-only group using AWS IAM:
Create a user group, as described in the previous recipe, with the name dynamodb-read-only-group and attach the AmazonDynamoDBReadOnlyAccess policy, as shown in the following screenshot:
Once the group is created and the policy is attached to it, you may add users to the group. You can refer to the previous recipe for more details. Here, I am adding dynamodb-user-2 to this group.
How it works…
The read-only policy allows users to only read items; it does not allow them to modify any items. All write operations, such as PutItem, BatchWriteItem, and so on, are blocked. The users of this group can only perform the GetItem, BatchGetItem, Query, and Scan operations.
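The following is an added example, not code from the recipe or from AWS: a simplified local evaluator showing why the write operations above are blocked (no statement allows them, so they are implicitly denied) and how a wildcard grant would break the read-only guarantee. The two policy documents, the WRITE_ACTIONS list and the function names are constructed for illustration; the real managed policy's contents are not reproduced here, and Resource, Condition and NotAction are ignored.

```python
import re

# Constructed policy modelled on the read operations this recipe lists; it is
# NOT the real contents of the AWS-managed AmazonDynamoDBReadOnlyAccess policy.
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:BatchGetItem",
               "dynamodb:Query", "dynamodb:Scan"],
    "Resource": "*",
}]}

# Constructed "drifted" policy: a wildcard that silently grants writes too.
DRIFTED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "dynamodb:*", "Resource": "*",
}]}

# Write operations a read-only group must never be allowed to call.
WRITE_ACTIONS = ["dynamodb:PutItem", "dynamodb:BatchWriteItem",
                 "dynamodb:UpdateItem", "dynamodb:DeleteItem"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive; * and ? are the only wildcards.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def evaluate(policy, action):
    """Simplified evaluation: ignores Resource, Condition and NotAction."""
    decision = "implicitDeny"          # nothing is allowed unless a statement says so
    for stmt in _as_list(policy["Statement"]):
        if any(_matches(p, action) for p in _as_list(stmt.get("Action", []))):
            if stmt["Effect"] == "Deny":
                return "explicitDeny"  # an explicit Deny always wins
            decision = "allowed"
    return decision

def write_leaks(policy):
    """Return the write actions this policy would allow (empty means read-only)."""
    return [a for a in WRITE_ACTIONS if evaluate(policy, a) == "allowed"]

if __name__ == "__main__":
    for name, pol in (("read-only", READ_ONLY_POLICY), ("drifted", DRIFTED_POLICY)):
        print(name, "->", write_leaks(pol) or "no write actions allowed")
```

Running the same check against the JSON of any policy attached to dynamodb-read-only-group gives a quick review gate before users are added to the group.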