AWS has announced the general availability of attribute-based access control (ABAC) for Amazon DynamoDB. ABAC is an authorization strategy that defines permissions based on attributes, called tags, that are attached to AWS Identity and Access Management (IAM) entities and to AWS resources.
ABAC defines permissions based on attributes called tags. You can attach tags to IAM entities such as users and roles, and to AWS resources such as DynamoDB tables.
With traditional identity-based policies, new IAM principals are added to the policies regularly, the complexity of permission management within the policies increases, and policy management is no longer scalable.
Benefits of using ABAC with DynamoDB include fewer policies, automatic permission management, alignment with a corporate directory, and the ability to monitor the actions that users have performed.
Audit your policies before enforcing ABAC: otherwise, applications that connect to DynamoDB may see unexpected authorization changes once tag-based conditions take effect.
If your account is not enabled for DynamoDB ABAC, the tag-based conditions in your identity-based or other policies that are intended to act on DynamoDB tables or indexes are evaluated as if no tags are present for your tables.
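As an added illustration of the tag matching described above and of the not-enabled caveat, here is a constructed Python example (not from the announcement or from AWS): an IAM policy in real policy syntax that grants DynamoDB item actions only when the table's `team` tag equals the caller's `team` principal tag, plus a deliberately minimal evaluator that mimics `StringEquals` with `${aws:PrincipalTag/...}` policy variables and treats resource tags as absent when ABAC is not enabled for the account. The tag key `team`, the sample tag values and the evaluator are assumptions; the evaluator is not IAM's policy engine.

```python
"""Simplified model of a DynamoDB ABAC policy (added example, not from the announcement).

The policy grants item-level actions only when the table's "team" tag equals the
caller's "team" principal tag. The evaluator is a constructed stand-in for IAM's
condition logic: it handles only StringEquals on aws:ResourceTag keys with
${aws:PrincipalTag/...} policy variables, which is enough to show the semantics.
"""
import json

# ABAC policy in real IAM syntax: access to any table tagged with the caller's team.
ABAC_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "TeamScopedTableAccess",
            "Effect": "Allow",
            "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
            "Resource": "arn:aws:dynamodb:*:*:table/*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/team": "${aws:PrincipalTag/team}"}
            },
        }
    ],
}


def _resolve(value, principal_tags):
    """Substitute a ${aws:PrincipalTag/key} policy variable; None if the tag is missing."""
    prefix, suffix = "${aws:PrincipalTag/", "}"
    if value.startswith(prefix) and value.endswith(suffix):
        return principal_tags.get(value[len(prefix):-len(suffix)])
    return value


def is_allowed(policy, action, principal_tags, resource_tags, abac_enabled=True):
    """Return True if `action` is allowed for the given principal and resource tags.

    Models the caveat from the announcement: when the account has not enabled
    DynamoDB ABAC, aws:ResourceTag conditions are evaluated as if the table had
    no tags, so a StringEquals on a resource tag can never match and the request
    falls through to an implicit deny.
    """
    effective_resource_tags = resource_tags if abac_enabled else {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        conditions = stmt.get("Condition", {}).get("StringEquals", {})
        matched = True
        for key, expected in conditions.items():
            if not key.startswith("aws:ResourceTag/"):
                matched = False  # unsupported condition key in this toy evaluator
                break
            actual = effective_resource_tags.get(key[len("aws:ResourceTag/"):])
            wanted = _resolve(expected, principal_tags)
            # A missing tag on either side never satisfies StringEquals.
            if actual is None or wanted is None or actual != wanted:
                matched = False
                break
        if matched:
            return True
    return False  # no matching Allow statement: implicit deny


if __name__ == "__main__":
    print(json.dumps(ABAC_POLICY, indent=2))
    caller = {"team": "payments"}  # constructed principal tags
    print(is_allowed(ABAC_POLICY, "dynamodb:GetItem", caller, {"team": "payments"}))  # True
    print(is_allowed(ABAC_POLICY, "dynamodb:GetItem", caller, {"team": "billing"}))   # False
    # Same tags, but ABAC not enabled on the account: resource tags read as absent.
    print(is_allowed(ABAC_POLICY, "dynamodb:GetItem", caller, {"team": "payments"},
                     abac_enabled=False))  # False
```

The third call is the case the announcement warns about: the policy and the tags are correct, yet access is denied because the account has not opted in, which is exactly why auditing policies before and after enabling ABAC matters.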
Using ABAC with DynamoDB simplifies permission management, segmentation of access control for DynamoDB tables and indexes, and team access as the organization expands.
There is no additional cost to use ABAC with Amazon DynamoDB.