Restricting Access to S3Guard Tables
You must set permission to restrict access to S3Guard tables.
To restricting access to S3Guard tables, here are the permissions needed for simply using the table:
dynamodb:BatchGetItem dynamodb:BatchWriteItem dynamodb:DeleteItem dynamodb:DescribeTable dynamodb:GetItem dynamodb:PutItem dynamodb:Query dynamodb:UpdateItem
For the hadoop s3guard table management commands, extra permissions are required:
dynamodb:CreateTable dynamodb:DescribeLimits dynamodb:DeleteTable dynamodb:Scan dynamodb:TagResource dynamodb:UntagResource dynamodb:UpdateTable
It is best to remove these rights, especially the dynamodb:CreateTable dynamodb:DeleteTable permissons from non-administrators.