Restricting Access to S3Guard Tables
When restricting access to S3Guard tables, these are the permissions needed for simply using the table:
dynamodb:BatchGetItem
dynamodb:BatchWriteItem
dynamodb:DeleteItem
dynamodb:DescribeTable
dynamodb:GetItem
dynamodb:PutItem
dynamodb:Query
dynamodb:UpdateItem
For the hadoop s3guard table management commands, extra permissions are required:
dynamodb:CreateTable
dynamodb:DescribeLimits
dynamodb:DeleteTable
dynamodb:Scan
dynamodb:TagResource
dynamodb:UntagResource
dynamodb:UpdateTable
It is best to remove these rights, especially the dynamodb:CreateTable and dynamodb:DeleteTable permissions, from non-administrators.
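One way to check that a non-administrator's IAM policy does not grant the table management permissions, including through wildcards, is sketched below. This is an added example, not code from the Hadoop project; the function names, the sample policies and the table ARN placeholder are assumptions made for illustration.

```python
import fnmatch

# Permissions the page lists for simply using the table.
USE_ACTIONS = [
    "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem",
    "dynamodb:DescribeTable", "dynamodb:GetItem", "dynamodb:PutItem",
    "dynamodb:Query", "dynamodb:UpdateItem",
]
# Extra permissions the page lists for the table management commands.
MANAGEMENT_ACTIONS = [
    "dynamodb:CreateTable", "dynamodb:DescribeLimits", "dynamodb:DeleteTable",
    "dynamodb:Scan", "dynamodb:TagResource", "dynamodb:UntagResource",
    "dynamodb:UpdateTable",
]

def as_list(value):
    """IAM allows a single value or a list for Statement and Action."""
    return value if isinstance(value, list) else [value]

def management_actions_allowed(policy):
    """Return the management actions that any Allow statement grants.

    Action patterns are matched case-insensitively with * and ? wildcards,
    so "dynamodb:*" or "dynamodb:Delete*" are caught. Simplification: Deny
    statements, NotAction and conditions are not evaluated.
    """
    granted = set()
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        for pattern in as_list(stmt.get("Action", [])):
            for action in MANAGEMENT_ACTIONS:
                if fnmatch.fnmatchcase(action.lower(), pattern.lower()):
                    granted.add(action)
    return sorted(granted)

# Constructed sample policies; the table ARN is a placeholder.
TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TABLE_NAME"
USER_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": USE_ACTIONS, "Resource": TABLE_ARN}]}
BROAD_POLICY = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": ["dynamodb:Delete*", "dynamodb:createtable"],
    "Resource": "*"}}

if __name__ == "__main__":
    print("user policy: ", management_actions_allowed(USER_POLICY))
    print("broad policy:", management_actions_allowed(BROAD_POLICY))
```

An empty result means the policy grants none of the management permissions; USER_POLICY is the shape to aim for with non-administrators, scoped to the single table ARN.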