DynamoDB Concise Tutorial
DynamoDB - Permissions API
The DynamoDB API offers a large set of actions, each of which requires permissions. When setting permissions, you must specify the permitted actions, the permitted resources, and the conditions for each.
Specify actions in the Action field of the policy and resource values in the Resource field. Make sure to use the correct syntax, which places the dynamodb: prefix before the API operation name.
For example − dynamodb:CreateTable
You can also use condition keys to filter permissions.
Permissions and API Actions
The following table lists each API action and the permission it requires −
| API Operation | Necessary Permission |
|---|---|
| BatchGetItem | dynamodb:BatchGetItem |
| BatchWriteItem | dynamodb:BatchWriteItem |
| CreateTable | dynamodb:CreateTable |
| DeleteItem | dynamodb:DeleteItem |
| DeleteTable | dynamodb:DeleteTable |
| DescribeLimits | dynamodb:DescribeLimits |
| DescribeReservedCapacity | dynamodb:DescribeReservedCapacity |
| DescribeReservedCapacityOfferings | dynamodb:DescribeReservedCapacityOfferings |
| DescribeStream | dynamodb:DescribeStream |
| DescribeTable | dynamodb:DescribeTable |
| GetItem | dynamodb:GetItem |
| GetRecords | dynamodb:GetRecords |
| GetShardIterator | dynamodb:GetShardIterator |
| ListStreams | dynamodb:ListStreams |
| ListTables | dynamodb:ListTables |
| PurchaseReservedCapacityOfferings | dynamodb:PurchaseReservedCapacityOfferings |
| PutItem | dynamodb:PutItem |
| Query | dynamodb:Query |
| Scan | dynamodb:Scan |
| UpdateItem | dynamodb:UpdateItem |
| UpdateTable | dynamodb:UpdateTable |
Resources
The following table lists the resource associated with each permitted API action −
| API Operation | Resource |
|---|---|
| BatchGetItem | arn:aws:dynamodb:region:account-id:table/table-name |
| BatchWriteItem | arn:aws:dynamodb:region:account-id:table/table-name |
| CreateTable | arn:aws:dynamodb:region:account-id:table/table-name |
| DeleteItem | arn:aws:dynamodb:region:account-id:table/table-name |
| DeleteTable | arn:aws:dynamodb:region:account-id:table/table-name |
| DescribeLimits | arn:aws:dynamodb:region:account-id:* |
| DescribeReservedCapacity | arn:aws:dynamodb:region:account-id:* |
| DescribeReservedCapacityOfferings | arn:aws:dynamodb:region:account-id:* |
| DescribeStream | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| DescribeTable | arn:aws:dynamodb:region:account-id:table/table-name |
| GetItem | arn:aws:dynamodb:region:account-id:table/table-name |
| GetRecords | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| GetShardIterator | arn:aws:dynamodb:region:account-id:table/table-name/stream/stream-label |
| ListStreams | arn:aws:dynamodb:region:account-id:table/table-name/stream/* |
| ListTables | * |
| PurchaseReservedCapacityOfferings | arn:aws:dynamodb:region:account-id:* |
| PutItem | arn:aws:dynamodb:region:account-id:table/table-name |
| Query | arn:aws:dynamodb:region:account-id:table/table-name or arn:aws:dynamodb:region:account-id:table/table-name/index/index-name |
| Scan | arn:aws:dynamodb:region:account-id:table/table-name or arn:aws:dynamodb:region:account-id:table/table-name/index/index-name |
| UpdateItem | arn:aws:dynamodb:region:account-id:table/table-name |
| UpdateTable | arn:aws:dynamodb:region:account-id:table/table-name |
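The following is an added example, not part of the original tutorial: a small policy check that compares each statement's Action and Resource against the two tables above and reports actions that lack the dynamodb: prefix or are paired with a resource of a different shape than the table lists (a bare "*" on a table-level action is reported too, since it is broader than the listed resource). The names `lint_policy` and `SAMPLE_POLICY`, the `Books` table, the `ByAuthor` index, and the account ID are constructed for illustration.

```python
import re

# Resource shapes and action groupings from the page's Resources table.
TABLE = r"arn:aws:dynamodb:[^:]*:[^:]*:table/[^/]+"
SHAPES = {
    "table": re.compile(TABLE),
    "table_or_index": re.compile(TABLE + r"(/index/[^/]+)?"),
    "stream": re.compile(TABLE + r"/stream/[^/]+"),
    "account": re.compile(r"arn:aws:dynamodb:[^:]*:[^:]*:\*"),
    "any": re.compile(r"\*"),
}
KINDS = {
    "table": "BatchGetItem BatchWriteItem CreateTable DeleteItem DeleteTable "
             "DescribeTable GetItem PutItem UpdateItem UpdateTable",
    "table_or_index": "Query Scan",
    "stream": "DescribeStream GetRecords GetShardIterator ListStreams",
    "account": "DescribeLimits DescribeReservedCapacity "
               "DescribeReservedCapacityOfferings PurchaseReservedCapacityOfferings",
    "any": "ListTables",
}
EXPECTED = {op.lower(): k for k, ops in KINDS.items() for op in ops.split()}

BOOKS = "arn:aws:dynamodb:us-west-2:123456789012:table/Books"  # constructed ARN
SAMPLE_POLICY = {"Version": "2012-10-17", "Statement": [  # constructed sample
    {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:Query"],
     "Resource": BOOKS + "/index/ByAuthor"},
    {"Effect": "Allow", "Action": ["dynamodb:GetRecords", "CreateTable"], "Resource": BOOKS},
    {"Effect": "Allow", "Action": "dynamodb:ListTables", "Resource": "*"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_policy(policy):
    """Return (action, resource, problem) tuples where a statement disagrees with the table."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        for action in as_list(stmt.get("Action", [])):
            prefix, _, op = action.partition(":")
            if prefix.lower() != "dynamodb":
                findings.append((action, None, "missing dynamodb: prefix"))
            elif op.lower() not in EXPECTED:
                findings.append((action, None, "not in the table"))
            else:
                kind = EXPECTED[op.lower()]
                findings += [(action, r, f"expected {kind} resource")
                             for r in as_list(stmt.get("Resource", []))
                             if not SHAPES[kind].fullmatch(r)]
    return findings
```

Action wildcards such as `dynamodb:*` are not expanded and are reported as "not in the table", so review those statements by hand.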