是否AWS Identity and Access Management (IAM)提供一种方法,使用户只能编辑或删除 Amazon DynamoDB 中的项目。他之前加的表?
最佳答案
在 AWS 添加 Fine-Grained Access Control for Amazon DynamoDB 后,这成为可能,这有助于 AWS Identity and Access Management (IAM)管理对存储在 DynamoDB 表中的项目和属性的访问的策略。
介绍性博客文章说明了此功能的出色粒度以及对许多实际用例的简化:
见 Fine-Grained Access Control for Amazon DynamoDB有关此功能的更多详细信息,以确定谁可以访问 Amazon DynamoDB 表和索引中的单个数据项和属性,以及可以对它们执行的操作。
附录
Werner Vogels 的 Simplifying Mobile App Data Management with DynamoDB's Fine-Grained Access Control 也强调了这一新功能的深远范围/影响。 :
With Fine-Grained Access Control, we solve this problem by enabling you to author access policies that include conditions that describe additional levels of filtering and control. This eliminates the need for the proxy layer, simplifies the application stack, and results in cost savings.
[...]
With today’s launch, apps running on mobile devices can send workloads to a DynamoDB table, row, or even a column without going through an intervening proxy layer. [...] This capability allows apps running on mobile devices to modify only rows belonging to a specific user. Also, by consolidating users’ data in a DynamoDB table, you can obtain real-time insights over the user base, at large scale, without going through expensive joins and batch approaches such as scatter / gather.
关于amazon-web-services - 如何通过 IAM 控制用户对 Amazon DynamoDB 数据的访问?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20876500/