How do I grant specific DynamoDB table access with IAM policy attachment?

In this example, we create an AWS DynamoDB table and an IAM user with Pulumi. We then create an IAM policy that allows four item-level actions (GetItem, PutItem, UpdateItem, DeleteItem) on that table's ARN only, and attach the policy to the IAM user. The user can then work with items in this one table; the policy grants nothing on other tables.

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create a DynamoDB table
const table = new aws.dynamodb.Table("exampleTable", {
    attributes: [
        { name: "id", type: "S" },
    ],
    hashKey: "id",
    billingMode: "PAY_PER_REQUEST",
});

// Create an IAM user
const user = new aws.iam.User("exampleUser");

// Create an IAM policy that grants access to the DynamoDB table
const policy = new aws.iam.Policy("examplePolicy", {
    description: "A policy to allow DynamoDB table access",
    policy: pulumi.interpolate`{
        "Version": "2012-10-17",
        "Statement": [
            {
                "Effect": "Allow",
                "Action": [
                    "dynamodb:GetItem",
                    "dynamodb:PutItem",
                    "dynamodb:UpdateItem",
                    "dynamodb:DeleteItem"
                ],
                "Resource": "${table.arn}"
            }
        ]
    }`,
});

// Attach the policy to the IAM user
const policyAttachment = new aws.iam.UserPolicyAttachment("examplePolicyAttachment", {
    user: user.name,
    policyArn: policy.arn,
});

// Export the table name and user ARN
export const tableName = table.name;
export const userArn = user.arn;

Key Points:

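  • We created a DynamoDB table with the Pulumi resource name exampleTable. Pulumi's auto-naming appends a random suffix to the physical table name, which is why the program exports table.name.
  • We created an IAM user with the Pulumi resource name exampleUser.
  • We defined an IAM policy that grants specific actions (GetItem, PutItem, UpdateItem, DeleteItem) on the DynamoDB table, with the table's ARN as the only Resource.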
  • We attached the policy to the IAM user to grant the necessary permissions.
  • We exported the table name and user ARN for easy reference.

Summary:

In this example, we demonstrated how to create a DynamoDB table and an IAM user using Pulumi. We then created an IAM policy to grant specific access to the DynamoDB table and attached this policy to the IAM user. This setup ensures that the IAM user has the required permissions to interact with the DynamoDB table.
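
An added example, not part of the original answer and not Pulumi's own code: a small lint that checks whether a policy document of the kind shown above grants only explicit dynamodb actions on one table or its indexes. The function names, the sample ARN (placeholder account ID and table suffix) and the over-broad sample policy are constructed for illustration.

```typescript
// Added example: lint an IAM policy document before attaching it to a user.
type IamStatement = { Effect: string; Action?: string | string[]; Resource?: string | string[] };
type IamPolicy = { Version: string; Statement: IamStatement[] };

const asList = (v?: string | string[]): string[] => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// Returns findings; an empty array means every Allow statement names explicit
// dynamodb actions and only the expected table or one of its indexes.
function lintTablePolicy(doc: IamPolicy, tableArn: string): string[] {
    const findings: string[] = [];
    doc.Statement.forEach((stmt, i) => {
        if (stmt.Effect !== "Allow") return; // Deny statements cannot widen access
        const actions = asList(stmt.Action);
        const resources = asList(stmt.Resource);
        if (actions.length === 0 || resources.length === 0) {
            // NotAction / NotResource (or a missing element) grants by exclusion
            findings.push(`statement ${i}: no explicit Action/Resource list`);
        }
        for (const action of actions) {
            const a = action.toLowerCase(); // IAM action names are case-insensitive
            if (a.includes("*") || a.includes("?")) findings.push(`statement ${i}: wildcard action ${action}`);
            else if (!a.startsWith("dynamodb:")) findings.push(`statement ${i}: non-DynamoDB action ${action}`);
        }
        for (const resource of resources) {
            const onTable = resource === tableArn || resource.startsWith(`${tableArn}/index/`);
            if (!onTable) findings.push(`statement ${i}: resource is not the table or its indexes: ${resource}`);
        }
    });
    return findings;
}

// The policy from this page as a plain object, parameterised on the table ARN.
function pagePolicy(tableArn: string): IamPolicy {
    return {
        Version: "2012-10-17",
        Statement: [{
            Effect: "Allow",
            Action: ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
            Resource: tableArn,
        }],
    };
}

// Constructed sample values: placeholder account ID and table suffix.
const SAMPLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/exampleTable-0000000";
const OVERBROAD: IamPolicy = {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: "dynamodb:*", Resource: "arn:aws:dynamodb:*:*:table/*" }],
};
```

In a Pulumi program the check can run inside `table.arn.apply(...)`, where the ARN is available as a plain string.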
