Using IAM to provide access control to DynamoDB
Some of you might be aware of the concept of access control on resources. It is familiar from relational databases, where multiple users can access the same database but with different roles. This is crucial from the application's security point of view: a user should have privileges and access to only the required resources in order to avoid misuse. To implement the concept in the cloud, AWS provides Identity and Access Management (IAM) as a service. This service allows us to perform the following:
Create multiple AWS accounts that access the same resources with different privileges
Create groups of users with similar privileges for the same level of access
Create separate user credentials for each user and maintain privacy
Provide fine-grained control on shared resources
Get a collective bill for all the users under one account
We can use IAM to control users' access to DynamoDB resources and API actions. To do so, you...
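As an added illustration (not part of the original text), an IAM policy of the following shape gives each IAM user item-level access to a single DynamoDB table, limited to items whose partition key equals their own user name, and explicitly denies table administration. The account ID, region, table name and Sid values are constructed placeholders, and the policy assumes the table's partition key stores the IAM user name.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAccessOwnItemsOnly",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem",
        "dynamodb:Query",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem"
      ],
      "Resource": "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": ["${aws:username}"]
        }
      }
    },
    {
      "Sid": "ExampleDenyTableAdministration",
      "Effect": "Deny",
      "Action": [
        "dynamodb:CreateTable",
        "dynamodb:UpdateTable",
        "dynamodb:DeleteTable"
      ],
      "Resource": "*"
    }
  ]
}
```

`dynamodb:Scan` is left out on purpose: a scan reads across partition keys, so it cannot be confined to one user's items by the `dynamodb:LeadingKeys` condition.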