Creating The DynamoDB Access Policy
In order to configure S3Guard, you must to provide read and write permissions for the DynamoDB table that S3Guard will create and use. To do this, you must add a DynamoDB access policy to your IAM role using the following steps:
Log in to your AWS account and navigate to the Identity and Access Management (IAM) console.
In the IAM console, select Roles from the left pane.
Search for an IAM role that you want to update:
Click on the role.
In the Permissions tab, click Create Role Policy:
Click Select next to the Policy Generator:
Enter:
Parameter Value Effect Allow AWS Service Amazon DynamoDB Actions All Actions Amazon Resource Name (ARN) * Your configuration should look similar to:
Click Add Statement.
Click Next Step.
On the "Review Policy" page, review your new policy and then click Apply Policy:
Now the policy will be attached to your IAM role and your cluster will be able to talk to DynamoDB, including creating a table for S3 metadata when S3Guard is configured.
You must also configure S3Guard in Ambari.