Iam Gives Access To One Dynamodb Method But Not Another Using Javascript To Aws
Solution 1:
Couple of things here.
Looking at your policy, looks like you are looking for identity level fine grained access. If you want that and you add Scan to your policy, it basically gives any identity access to your full table. You should only allow item level operations in the fine grained policy. IAM roles for fine grained access control explains this in more details.
dynamodb:LeadingKeys condition key will allows users to access only the items where the partition/hash key value matches their identity ID. The error you are getting indicates that either the identity id is not the hash key in your DynamoDB table or you are not setting the hash key value in your DynamoDB query when you issue a get or update item. This is the also the reason why Scan is working, because scan queries do not require a hash key value.
Post a Comment for "Iam Gives Access To One Dynamodb Method But Not Another Using Javascript To Aws"