hands-on lab

Controlling Amazon DynamoDB Access Using AWS IAM Policies

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.
Lab description

Amazon DynamoDB is a NoSQL database that is used for storing data in document and key-value pair formats. It is highly performant and scalable. Amazon DynamoDB is also serverless which means that you don't have to worry about the complexity of creating and managing infrastructure.

Learning how to control access to Amazon DynamoDB tables using AWS Identity and Access Management (IAM) will help you to create more secure solutions using the AWS cloud.

In this lab, you will create an AWS IAM policy, and you will use this policy to restrict access to a Amazon DynamoDB table in various ways.

Learning Objectives

Upon completion of this beginner level lab, you will be able to:

  • Create a new AWS IAM policy
  • Restrict access to Amazon DynamoDB items with specific partition keys
  • Restrict access to specific attributes of Amazon DynamoDB items

Intended Audience

  • Candidates for AWS Solutions Architect Professional certification
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Identity and Access Management (IAM)
  • Amazon DynamoDB
  • JavaScript Object Notation (JSON)

The following labs and courses can be used to fulfill the prerequisite:


May 9th, 2024 - Addressed an issue that prevented the lab starting, and improved some screenshots and instructions

December 7th, 2023 - Updated the instructions and screenshots to reflect the latest UI

April 11th, 2022 - Addressed an issue with the tester web application

Environment before

Environment after

About the author
Learning paths

Andrew is a Labs Developer with previous experience in the Internet Service Provider, Audio Streaming, and CryptoCurrency industries. He has also been a DevOps Engineer and enjoys working with CI/CD and Kubernetes.

He holds multiple AWS certifications including Solutions Architect Associate and Professional.

Covered topics
Lab steps
Logging In to the Amazon Web Services Console
Creating an AWS IAM Policy for Amazon DynamoDB Access
Controlling Amazon DynamoDB Access Using AWS IAM Policies