Using IAM to provide access control to DynamoDB
You may already be familiar with access control on resources. It is a well-known concept in relational databases, where multiple users can access the same database with different roles. It is crucial to an application's security: a user should have privileges on, and access to, only the resources they need, in order to avoid misuse. To implement this concept in the cloud, AWS provides Identity and Access Management (IAM) as a service. This service allows us to do the following:
- Create multiple AWS accounts that access the same resources with different privileges
- Create groups of users with similar privileges for the same level of access
- Create separate user credentials for each user and maintain privacy
- Provide fine-grained control on shared resources
- Get a collective bill for all the users under one account
We can use IAM to control users' access to DynamoDB resources and API operations. To do so...