An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a
separate DyanmoDB table. All the users are added to the same group and the organization wants to setup a
group level policy for this. How can the organization achieve this?
A.
Define the group policy and add a condition which allows the access based on the IAM name
B.
Create a DynamoDB table with the same name as the IAM user name and define the policy rule
which grants access based on the DynamoDB ARN using a variable
C.
Create a separate DynamoDB database for each user and configure a policy in the group based on
the DB variable
D.
It is not possible to have a group level policy which allows different IAM users to different DynamoDB
Tables
Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user
permissions for various AWS services. AWS DynamoDB has only tables and the organization cannot
makeseparate databases. The organization should create a table with the same name as the IAM user name
and use the ARN of DynamoDB as part of the group policy. The sample policy is shown below:
{
“Version”: “2012-10-17”,
“Statement”: [{
“Effect”: “Allow”,
“Action”: [“dynamodb:*”],
“Resource”: “arn:aws:dynamodb:region:account-number-without-hyphens:table/${aws:username}”
}]}
The Explanation states “The organization should create a table with the same name as the IAM user name and use the ARN of DynamoDB as part of the group policy.” which implies that it is possible!
The right answer should be B.
1
0
I would pick A. The explanantion is only an example.
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/FGAC_DDB.html
0
0
Answer is B
0
0
Hi! I just took the AWS-SysOps exam few days ago and luckily passed with 90% marks (the passing score is 65% now). I had 55 single choice and multiple choice questions in total, most of them were single answer questions. And, questions on Monitoring and Metrics, Deployment and Provisioning were not easy to answer, other questions on High Availability and Data Management and Analysis were very easy to get the correct answers.
I learned valid AWS-SysOps dumps here — https://drive.google.com/open?id=0B-ob6L_QjGLpUWdPWXRHaERYWlU (recommend you to get the full version 310q AWS-SysOps dumps), all actual AWS-SysOps exam questions were from that 310q AWS-SysOps dumps.
Good Luck, my cool guys!
0
0
spammer
0
0
B
0
0
Answer is B
0
0
B is correct
0
0
Whao, didnt know that is possible.
0
0
b
0
0
http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/api-permissions-reference.html
0
0
B is the right answer.
0
0
B
0
0