DynamoDB API提供了大量需要权限的操作.在设置权限时,您必须建立允许的操作,允许的资源以及每个操作的条件.
您可以在策略的"操作"字段中指定操作.在策略的"资源"字段中指定资源值.但请确保使用包含Dynamodb:前缀和API操作的正确语法.
例如 : dynamodb:CreateTable
您还可以使用条件键来过滤权限.
仔细查看下表中给出的API操作和相关权限 :
| API操作 | 必要的权限 |
|---|---|
| BatchGetItem | dynamodb:BatchGetItem |
| BatchWriteItem | dynamodb:BatchWriteItem |
| CreateTable | dynamodb:CreateTable |
| DeleteItem | dynamodb:DeleteItem |
| DeleteTable | dynamodb:DeleteTable |
| DescribeLimits | dynamodb:DescribeLimits |
| D escribeReservedCapacity | dynamodb:DescribeReservedCapacity |
| DescribeReservedCapacityOfferings | dynamodb:DescribeReservedCapacityOfferings |
| DescribeStream | dynamodb:DescribeStream |
| DescribeTable | dynamodb:DescribeTable |
| GetItem | dynamodb:GetItem |
| GetRecords | dynamodb:GetRecords |
| GetShardIterator | dynamodb:GetShardIterator |
| ListStreams | dynamodb :ListStreams |
| ListTables | dynamodb:ListTables |
| PurchaseReservedCapacityOfferings | dynamodb:PurchaseReservedCapacityOfferings |
| PutItem | dynamodb:PutItem |
| 查询 | dynamodb:查询 |
| 扫描 | dynamodb:扫描 |
| UpdateItem | dynamodb:UpdateItem |
| UpdateTable | dynamodb:UpdateTable |
在下表中,您可以查看与每个资源相关的资源允许的API操作 :
| API操作 | 资源 |
|---|---|
| BatchGetItem | arn:aws:dynamodb:region:account-id:table/table-name |
| BatchWriteItem | arn:aws:dynamodb:region:account-id:table/table -name |
| CreateTable | arn:aws:dynamodb :区域:帐户ID:表/表名 |
| DeleteItem | arn:aws:dynamodb:region:account -id:table/table-name |
| DeleteTable | arn:aws:dynamodb:region:account-id:table/table-name |
| DescribeLimits | arn:aws:dynamodb:region:account-id:* |
| DescribeReservedCapacity | arn:aws:dynamodb:region:account-id:* |
| DescribeReservedCapacityOfferings | arn:aws:dynamodb:region:account-id: * |
| DescribeStream | arn:aws:dynamodb: region:account-id:table/table-name/stream/stream-label |
| DescribeTable | arn:aws:dynamodb:region:account-id:table/table-name |
| GetItem | arn:aws:dynamodb:region:account-id:table/table-name |
| GetRecords | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| GetShardIterator | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| ListStreams | arn:aws:dynamodb:region: account-id:table/table-name/stream/* |
| ListTables | * |
| PurchaseReservedCapacityOfferings | arn:aws:dynamodb:region:account-id:* |
| PutItem | arn:aws:dynamodb:region:account-id:table/table-name |
| 查询 | arn:aws:dynamodb:region:account-id:table/table-name 或 arn:aws:dynamodb:region:account-id:table/table-name/index/index-name |
| 扫描 | arn:aws:dynamodb:region:account-id:table/table-名称 或 arn:aws:dynamodb:region:account-id:table/table- name/index/index-name |
| UpdateItem | arn:aws:dynamodb:region:account-id:table/table-name |
| UpdateTable | arn:aws:dynamodb:region:account-id:table/table-name |
