DynamoDB Concise Tutorial
DynamoDB - Permissions API
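The DynamoDB API offers a large set of actions, all of which require permissions. When setting permissions, you must establish the allowed actions, the allowed resources, and the conditions for each.
You specify actions in the Action field of the policy and resource values in the Resource field of the policy. Make sure you use the correct syntax, which puts the dynamodb: prefix before the API operation.
Example: dynamodb:CreateTable
You can also use condition keys to filter permissions.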
Permissions and API Actions
Review the API operations and their associated permissions in the following table:
| API Operation | Necessary Permission |
|---|---|
| BatchGetItem | dynamodb:BatchGetItem |
| BatchWriteItem | dynamodb:BatchWriteItem |
| CreateTable | dynamodb:CreateTable |
| DeleteItem | dynamodb:DeleteItem |
| DeleteTable | dynamodb:DeleteTable |
| DescribeLimits | dynamodb:DescribeLimits |
| DescribeReservedCapacity | dynamodb:DescribeReservedCapacity |
| DescribeReservedCapacityOfferings | dynamodb:DescribeReservedCapacityOfferings |
| DescribeStream | dynamodb:DescribeStream |
| DescribeTable | dynamodb:DescribeTable |
| GetItem | dynamodb:GetItem |
| GetRecords | dynamodb:GetRecords |
| GetShardIterator | dynamodb:GetShardIterator |
| ListStreams | dynamodb:ListStreams |
| ListTables | dynamodb:ListTables |
| PurchaseReservedCapacityOfferings | dynamodb:PurchaseReservedCapacityOfferings |
| PutItem | dynamodb:PutItem |
| Query | dynamodb:Query |
| Scan | dynamodb:Scan |
| UpdateItem | dynamodb:UpdateItem |
| UpdateTable | dynamodb:UpdateTable |
Resources
The following table lists the resource associated with each allowed API operation:
| API Operation | Resource |
|---|---|
| BatchGetItem | arn:aws:dynamodb:region:account-id:table/table-name |
| BatchWriteItem | arn:aws:dynamodb:region:account-id:table/table-name |
| CreateTable | arn:aws:dynamodb:region:account-id:table/table-name |
| DeleteItem | arn:aws:dynamodb:region:account-id:table/table-name |
| DeleteTable | arn:aws:dynamodb:region:account-id:table/table-name |
| DescribeLimits | arn:aws:dynamodb:region:account-id:* |
| DescribeReservedCapacity | arn:aws:dynamodb:region:account-id:* |
| DescribeReservedCapacityOfferings | arn:aws:dynamodb:region:account-id:* |
| DescribeStream | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| DescribeTable | arn:aws:dynamodb:region:account-id:table/table-name |
| GetItem | arn:aws:dynamodb:region:account-id:table/table-name |
| GetRecords | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| GetShardIterator | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| ListStreams | arn:aws:dynamodb:region:account-id:table/table-name/stream/* |
| ListTables | * |
| PurchaseReservedCapacityOfferings | arn:aws:dynamodb:region:account-id:* |
| PutItem | arn:aws:dynamodb:region:account-id:table/table-name |
| Query | arn:aws:dynamodb:region:account-id:table/table-name or arn:aws:dynamodb:region:account-id:table/table-name/index/index-name |
| Scan | arn:aws:dynamodb:region:account-id:table/table-name or arn:aws:dynamodb:region:account-id:table/table-name/index/index-name |
| UpdateItem | arn:aws:dynamodb:region:account-id:table/table-name |
| UpdateTable | arn:aws:dynamodb:region:account-id:table/table-name |
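
An added example (not code from the tutorial): a small Python check that uses the two tables above to flag Allow entries that cannot take effect, either because the action lacks the dynamodb: prefix or because no Resource matches the ARN kind that action needs. The function names, the sample policy and table ARN, and the sample-index / sample-label placeholders are assumptions made for illustration; Deny statements and condition keys are not evaluated.

```python
import re

# Resource kind each action needs, transcribed from the two tables above.
KIND = {}
for _kind, _names in {
    "table": "BatchGetItem BatchWriteItem CreateTable DeleteItem DeleteTable "
             "DescribeTable GetItem PutItem UpdateItem UpdateTable",
    "table or index": "Query Scan",
    "stream": "DescribeStream GetRecords GetShardIterator ListStreams",
    "account-wide": "DescribeLimits DescribeReservedCapacity "
                    "DescribeReservedCapacityOfferings PurchaseReservedCapacityOfferings",
    "*": "ListTables",
}.items():
    KIND.update({n.lower(): _kind for n in _names.split()})

def _glob(pattern):
    # IAM wildcards: '*' is any run of characters (it also spans '/'), '?' is exactly one.
    return re.compile("".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                              for c in pattern))

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy, table_arn, index="sample-index", stream="sample-label"):
    """Return (action, problem) pairs for Allow entries that cannot take effect."""
    probes = {  # one concrete ARN per kind, for the table the policy is meant for
        "table": [table_arn],
        "table or index": [table_arn, f"{table_arn}/index/{index}"],
        "stream": [f"{table_arn}/stream/{stream}"],
        "account-wide": [table_arn.split(":table/")[0] + ":*"],
        "*": ["*"],
    }
    findings = []
    allow = [s for s in _as_list(policy["Statement"]) if s.get("Effect") == "Allow"]
    for stmt in allow:
        globs = [_glob(r) for r in _as_list(stmt["Resource"])]
        for action in _as_list(stmt["Action"]):
            prefix, _, name = action.lower().partition(":")
            kind = KIND.get(name) if prefix == "dynamodb" else None
            if kind is None:
                findings.append((action, "not a dynamodb: action listed above"))
            elif not any(g.fullmatch(p) for g in globs for p in probes[kind]):
                findings.append((action, f"no Resource matches its {kind} ARN"))
    return findings

# Constructed sample: a stream action paired with a table ARN, and an action without the prefix.
SAMPLE_TABLE = "arn:aws:dynamodb:us-east-1:123456789012:table/Books"
SAMPLE_POLICY = {"Statement": [{"Effect": "Allow", "Resource": SAMPLE_TABLE,
    "Action": ["dynamodb:GetItem", "dynamodb:GetRecords", "ListTables"]}]}
```

If the policy names a specific stream label or index, pass the same values as the stream and index arguments so the probe ARNs line up with it.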