Jan 14, 2022

Allow a Lambda Function to Access a DynamoDB Table

Policy Code

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteTable",
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:BatchWriteItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": "arn:aws:dynamodb:*:*:table/{{dynamoTable}}"
        },
        {
            "Sid": "GetStreamRecords",
            "Effect": "Allow",
            "Action": "dynamodb:GetRecords",
            "Resource": "arn:aws:dynamodb:*:*:table/{{dynamoTable}}/stream/*"
        },
        {
            "Sid": "WriteLogStreamsAndGroups",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateLogGroup",
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "*"
        }
    ]
}

Replace {{dynamoTable}} with the name of the DynamoDB table the Lambda function should be able to access, then attach this policy to the function's execution role.
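
An added example, not part of the original page: one way to do the {{dynamoTable}} substitution in Python while validating the table name so that a wildcard cannot slip into the ARN. It goes beyond the template by pinning the region, account and log group instead of `*`. The name `render_policy`, its parameters, the sample values and the `/aws/lambda/<function>` log group (Lambda's default naming) are assumptions.

```python
import json
import re

# DynamoDB table names are 3-255 chars from [A-Za-z0-9_.-]; this also rejects
# the IAM wildcards * and ?, which would silently widen the Resource.
TABLE_NAME = re.compile(r"[A-Za-z0-9_.\-]{3,255}")
ACCOUNT_ID = re.compile(r"\d{12}")
REGION = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")  # assumed shape, e.g. eu-west-1
FUNCTION_NAME = re.compile(r"[A-Za-z0-9_\-]{1,64}")


def _checked(pattern, value, label):
    if not pattern.fullmatch(value):
        raise ValueError(f"invalid {label}: {value!r}")
    return value


def render_policy(table, region, account_id, function_name):
    """Return the page's policy with each ARN pinned to one region, account, table and function."""
    table = _checked(TABLE_NAME, table, "table name")
    region = _checked(REGION, region, "region")
    account_id = _checked(ACCOUNT_ID, account_id, "account id")
    function_name = _checked(FUNCTION_NAME, function_name, "function name")
    table_arn = f"arn:aws:dynamodb:{region}:{account_id}:table/{table}"
    logs_arn = f"arn:aws:logs:{region}:{account_id}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "ReadWriteTable", "Effect": "Allow",
             "Action": ["dynamodb:BatchGetItem", "dynamodb:GetItem", "dynamodb:Query",
                        "dynamodb:Scan", "dynamodb:BatchWriteItem", "dynamodb:PutItem",
                        "dynamodb:UpdateItem"],
             "Resource": table_arn},
            {"Sid": "GetStreamRecords", "Effect": "Allow",
             "Action": "dynamodb:GetRecords", "Resource": f"{table_arn}/stream/*"},
            # Assumes the function logs to Lambda's default group /aws/lambda/<function>.
            {"Sid": "WriteLogStreamsAndGroups", "Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": f"{logs_arn}:log-group:/aws/lambda/{function_name}:*"},
            {"Sid": "CreateLogGroup", "Effect": "Allow",
             "Action": "logs:CreateLogGroup", "Resource": f"{logs_arn}:*"},
        ],
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(json.dumps(render_policy("orders", "eu-west-1", "123456789012", "orders-handler"), indent=4))
```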
