AWS Lambda: Allows a Lambda function to access an Amazon DynamoDB table
This example shows how you might create an identity-based policy that allows read and write access to a specific Amazon DynamoDB table. The policy also allows writing log files to CloudWatch Logs. To use this policy, replace the italicized placeholder text in the example policy with your own information. Then, follow the directions in create a policy or edit a policy.

To use this policy, attach the policy to a Lambda service role. A service role is a role that you create in your account to allow a service to perform actions on your behalf. That service role must include AWS Lambda as the principal in the trust policy. For details about how to use this policy, see How to Create an AWS IAM Policy to Grant AWS Lambda Access to an Amazon DynamoDB Table.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteTable",
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:BatchWriteItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": "arn:aws:dynamodb:*:*:table/SampleTable"
        },
        {
            "Sid": "GetStreamRecords",
            "Effect": "Allow",
            "Action": "dynamodb:GetRecords",
            "Resource": "arn:aws:dynamodb:*:*:table/SampleTable/stream/*"
        },
        {
            "Sid": "WriteLogStreamsAndGroups",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateLogGroup",
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "*"
        }
    ]
}
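
The following is an added example, not part of the original AWS page: it reports which statements of the policy above leave region, account, or resource unpinned, and produces a copy scoped to one account, region, and function. The helper names (wildcard_findings, pin_scope) and the values passed to pin_scope are assumptions; TRUST_POLICY is the standard trust document that names AWS Lambda as principal.

```python
import copy

# Policy from this page (SampleTable is the page's placeholder table name).
DDB_RW = ["dynamodb:BatchGetItem", "dynamodb:GetItem", "dynamodb:Query",
          "dynamodb:Scan", "dynamodb:BatchWriteItem", "dynamodb:PutItem",
          "dynamodb:UpdateItem"]
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadWriteTable", "Effect": "Allow", "Action": DDB_RW,
     "Resource": "arn:aws:dynamodb:*:*:table/SampleTable"},
    {"Sid": "GetStreamRecords", "Effect": "Allow", "Action": "dynamodb:GetRecords",
     "Resource": "arn:aws:dynamodb:*:*:table/SampleTable/stream/*"},
    {"Sid": "WriteLogStreamsAndGroups", "Effect": "Allow",
     "Action": ["logs:CreateLogStream", "logs:PutLogEvents"], "Resource": "*"},
    {"Sid": "CreateLogGroup", "Effect": "Allow", "Action": "logs:CreateLogGroup",
     "Resource": "*"}]}

# Trust policy for the service role: lets the Lambda service assume it.
TRUST_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "lambda.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}


def wildcard_findings(policy):
    """Return {Sid: [reasons]} for Allow statements with unpinned scope."""
    findings = {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        res = stmt["Resource"]
        for arn in ([res] if isinstance(res, str) else res):
            parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
            reasons = findings.setdefault(stmt["Sid"], [])
            if arn == "*":
                reasons.append("any resource")
            elif len(parts) == 6:
                reasons += ["any region"] * ("*" in parts[3])
                reasons += ["any account"] * ("*" in parts[4])
    return {sid: r for sid, r in findings.items() if r}


def pin_scope(policy, region, account, function_name):
    """Copy the policy with region/account fixed and logs limited to one function."""
    pinned = copy.deepcopy(policy)
    logs = f"arn:aws:logs:{region}:{account}"
    for stmt in pinned["Statement"]:
        if stmt["Sid"] == "CreateLogGroup":
            stmt["Resource"] = f"{logs}:*"
        elif stmt["Sid"] == "WriteLogStreamsAndGroups":
            stmt["Resource"] = f"{logs}:log-group:/aws/lambda/{function_name}:*"
        else:  # DynamoDB statements: replace the wildcard region and account
            stmt["Resource"] = stmt["Resource"].replace(":*:*:", f":{region}:{account}:")
    return pinned
```

Serialize the result of pin_scope with json.dumps to get a policy document you can paste into the IAM console; the /stream/* suffix is kept because stream labels are generated by DynamoDB.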