Amazon Lambda: Allows a Lambda function to access an Amazon DynamoDB table
This example shows how you might create an identity-based policy that allows read and write access to a specific Amazon DynamoDB table. The
policy also allows writing log files to CloudWatch Logs. To use this policy, replace the italicized placeholder text
(SampleTable) in the example policy with your own information.
Then, follow the directions in create a policy or edit a policy.
To use this policy, attach the policy to a Lambda service role. A service role is a role that
you create in your account to allow a service to perform actions on your behalf. That
service role must include Amazon Lambda as the principal in the trust policy. For details about
how to use this policy, see How to Create an Amazon IAM Policy to Grant Amazon Lambda Access to an Amazon DynamoDB Table.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadWriteTable",
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:GetItem",
                "dynamodb:Query",
                "dynamodb:Scan",
                "dynamodb:BatchWriteItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": "arn:aws:dynamodb:*:*:table/SampleTable"
        },
        {
            "Sid": "GetStreamRecords",
            "Effect": "Allow",
            "Action": "dynamodb:GetRecords",
            "Resource": "arn:aws:dynamodb:*:*:table/SampleTable/stream/*"
        },
        {
            "Sid": "WriteLogStreamsAndGroups",
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*"
        },
        {
            "Sid": "CreateLogGroup",
            "Effect": "Allow",
            "Action": "logs:CreateLogGroup",
            "Resource": "*"
        }
    ]
}
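The policy above matches SampleTable in any region and any account, and its two logs statements apply to every resource. As an added example (not part of the original page), the following Python reports that breadth per statement and builds a copy pinned to one region, account and function. The helper names `audit` and `scope`, the default `/aws/lambda/<function>` log group, and the sample region, account ID and function name used with it are assumptions.

```python
import copy

# The policy from this page; SampleTable is the page's placeholder table name.
TABLE = "arn:aws:dynamodb:*:*:table/SampleTable"
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ReadWriteTable", "Effect": "Allow", "Resource": TABLE,
     "Action": ["dynamodb:BatchGetItem", "dynamodb:GetItem", "dynamodb:Query",
                "dynamodb:Scan", "dynamodb:BatchWriteItem", "dynamodb:PutItem",
                "dynamodb:UpdateItem"]},
    {"Sid": "GetStreamRecords", "Effect": "Allow",
     "Action": "dynamodb:GetRecords", "Resource": TABLE + "/stream/*"},
    {"Sid": "WriteLogStreamsAndGroups", "Effect": "Allow", "Resource": "*",
     "Action": ["logs:CreateLogStream", "logs:PutLogEvents"]},
    {"Sid": "CreateLogGroup", "Effect": "Allow", "Resource": "*",
     "Action": "logs:CreateLogGroup"}]}

def audit(policy):
    """Map each Allow statement's Sid to the ways its Resource is unscoped."""
    report = {}
    for stmt in policy["Statement"]:
        res = stmt["Resource"]
        findings = []
        for arn in ([res] if isinstance(res, str) else res):
            # ARN layout: arn:partition:service:region:account:resource
            parts = arn.split(":", 5)
            if arn == "*":
                findings.append("any resource")
            elif len(parts) == 6:
                if parts[3] == "*":
                    findings.append("any region")
                if parts[4] == "*":
                    findings.append("any account")
        if stmt["Effect"] == "Allow" and findings:
            report[stmt["Sid"]] = findings
    return report

def scope(policy, region, account, function_name):
    """Return a copy pinned to one region and account, with the logs
    statements limited to the function's default log group (assumed)."""
    scoped = copy.deepcopy(policy)
    logs = f"arn:aws:logs:{region}:{account}:"
    for stmt in scoped["Statement"]:
        if stmt["Resource"] != "*":
            stmt["Resource"] = stmt["Resource"].replace(":*:*:", f":{region}:{account}:", 1)
        elif stmt["Action"] == "logs:CreateLogGroup":
            stmt["Resource"] = logs + "*"
        else:
            stmt["Resource"] = logs + f"log-group:/aws/lambda/{function_name}:*"
    return scoped
```

Calling `audit(scope(POLICY, region, account, function_name))` returns an empty report, which makes the pair usable as a pre-deployment check on the role's policy document.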