hands-on lab

Managing Access and Permissions with the AWS CDK

Up to 1h
Get guided in a real environmentPractice with a step-by-step scenario in a real, provisioned environment.
Learn and validateUse validations to check your solutions every step of the way.
See resultsTrack your knowledge and monitor your progress.


The AWS Construct Library for the AWS CDK provides widely-implemented idioms to manage access to your cloud resources. The IAM module offers tools to provide various IAM principals with authenticated access to AWS resources. Certain resource constructs within the Construct Library have built-in methods to grant commonly used permissions to other resources, i.e. read and write access.

In this lab, you will work with the IAM module to create an IAM Role with DynamoDB permissions. You will also work with the DynamoDB construct method to grant access to a Lambda function you create.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

  • Deploy an IAM Role and Policy using the AWS CDK
  • Explore built-in AWS CDK Construct methods to grant resource access

Intended Audience

  • Cloud Architects
  • DevOps Engineers
  • Software Engineers


Familiarity with the following will be beneficial but is not required:

  • AWS Cloud Development Kit (CDK)
  • AWS Identity and Access Management (IAM)
  • Amazon DynamoDB
  • AWS Lambda

The following content can be used to fulfill the prerequisite:


April 17th, 2024 - Resolved IAM permission issue

August 16th, 2023 - Remove Node deprecation warning and updated CDK CLI version

March 13th, 2023 - Enabled autosave in the lab's browser IDE

Environment before

Environment after

About the author

Jun Fritz, opens in a new tab
Cloud Labs Developer
Learning paths

Jun is a Cloud Labs Developer with previous experience as a Software Engineer and Cloud Developer. He holds the AWS Certified Solutions Architect and DevOps Engineer Professional certifications. He also holds the AWS Certified Solutions Architect, Developer, and SysOps Administrator Associate certifications. 

Jun is focused on giving back to the growing cloud community by sharing his knowledge and experience with students and creating engaging content. 

Covered topics

Lab steps

Setting up the AWS CDK Project
Creating IAM Resources with the AWS CDK
Granting Resource Access with CDK Construct Methods