Authenticating to Amazon DynamoDB
Start course

This course covers the different options available to you to enable you to authenticate to your Amazon RDS and Amazon DynamoDB Databases. You'll learn about the difference between authentication and authorization, as well as Identity and Access Management, and how to authenticate to Amazon RDS, and DynamoDB.

If you have any feedback relating to this course, feel free to contact us at

Learning Objectives

  • Define the differences between authentication and authorization  
  • Understand the key components of IAM used for access control and authentication
  • Learn the authentication methods used to access RDS databases across different DB engines
  • Learn the authentication controls of Amazon DynamoDB

Intended Audience

This course has been designed to assist those who are responsible for securing, designing, and operating AWS Database solutions. It is also ideal for anyone who is looking to take the AWS Certified Database - Specialty exam.


To get the most out of this course, you should have a basic awareness of AWS database services, in addition to AWS Identity & Access Management.


Hello and welcome to this lecture where I shall be looking at how to authenticate to and access Amazon DynamoDB.  

Amazon DynamoDB focuses on ensuring you are authenticated through the relevant IAM permissions to access its resources, regardless of how those permissions are applied using IAM policies, either attached through users, groups, roles, or even federated access. Without IAM permissions you will not be able to access the DynamoDB table and its resources, and these need to be applied within an identity-based policy, as DynamoDB does not support resource-based policies.

With this in mind, you need to understand your DynamoDB resources, specifically the ARNs of the resource in question to allow you to apply an identity-based policy to allow permission to use it.

When using Amazon DynamoDB, there are of course Tables, and this is the primary resource of the service, but you can also access Indexes and Streams. The ARNs of these resources are typically referenced as shown here, where the text in red should be replaced by your own values.

As DynamoDB only allows permissions issued through identity-based policies, here is an example of a policy that will allow the associated identity(s) to perform the following functions: GetItem, Query, and Scan. And in the example, I have used a DynamoDB table called ‘MyTable’.

So compared to Amazon RDS, the authentication options are much simpler with DynamoDB, it is purely based upon AWS IAM Identity-based policies. 

About the Author
Learning Paths

Stuart has been working within the IT industry for two decades covering a huge range of topic areas and technologies, from data center and network infrastructure design, to cloud architecture and implementation.

To date, Stuart has created 150+ courses relating to Cloud reaching over 180,000 students, mostly within the AWS category and with a heavy focus on security and compliance.

Stuart is a member of the AWS Community Builders Program for his contributions towards AWS.

He is AWS certified and accredited in addition to being a published author covering topics across the AWS landscape.

In January 2016 Stuart was awarded ‘Expert of the Year Award 2015’ from Experts Exchange for his knowledge share within cloud services to the community.

Stuart enjoys writing about cloud technologies and you will find many of his articles within our blog pages.