TechQA.

Grant cross account access to dynamodb table without using sts:AssumeRole

478 views Asked by At

Essentially, I want an Iam role from AccountA to be able to manage a dynamodb table in AccountB, but the deployment that I am using does not support sts:AssumeRole (not my choice). I faced this same issue with an S3, but I was able to add an S3 bucket policy that allowed the Iam role from AccountB to access it (see below). Is there anything similar for dynamodb tables?

Thanks all :D

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::AccountB:role/iam-role-name"
            },
            "Action": "*",
            "Resource": [
                "arn:aws:s3:::bucket-name",
                "arn:aws:s3:::bucket-name/*"
            ]
        }
    ]
}
amazon-s3 amazon-dynamodb aws-access-policy teleport
Original Q&A
1

There are 1 answers

0
Leeroy Hannigan On

The only way that you can manage a table in another account is by assuming a role.

Unlike S3, DynamoDB does not support resource based access control. Unfortunately there are no simple workarounds as IAM is a security feature.

Related Questions in AMAZON-S3

Related Questions in AMAZON-DYNAMODB

Related Questions in AWS-ACCESS-POLICY

Related Questions in TELEPORT

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions