View a markdown version of this page

Step 2: Create a user and policy - Amazon DynamoDB
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 2: Create a user and policy

In this step, you create a user with a policy that grants access to your Amazon DynamoDB Accelerator (DAX) cluster and to DynamoDB using Amazon Identity and Access Management. You can then run applications that interact with your DAX cluster.

To provide access, add permissions to your users, groups, or roles:

To use the JSON policy editor to create a policy
  1. Sign in to the Amazon Web Services Management Console and open the IAM console at https://console.amazonaws.cn/iam/.

  2. In the navigation pane on the left, choose Policies.

    If this is your first time choosing Policies, the Welcome to Managed Policies page appears. Choose Get Started.

  3. At the top of the page, choose Create policy.

  4. In the Policy editor section, choose the JSON option.

  5. Enter or paste a JSON policy document. For details about the IAM policy language, see IAM JSON policy reference.

  6. Resolve any security warnings, errors, or general warnings generated during policy validation, and then choose Next.

    Note

    You can switch between the Visual and JSON editor options anytime. However, if you make changes or choose Next in the Visual editor, IAM might restructure your policy to optimize it for the visual editor. For more information, see Policy restructuring in the IAM User Guide.

  7. (Optional) When you create or edit a policy in the Amazon Web Services Management Console, you can generate a JSON or YAML policy template that you can use in Amazon CloudFormation templates.

    To do this, in the Policy editor choose Actions, and then choose Generate CloudFormation template. To learn more about Amazon CloudFormation, see Amazon Identity and Access Management resource type reference in the Amazon CloudFormation User Guide.

  8. When you are finished adding permissions to the policy, choose Next.

  9. On the Review and create page, enter a Policy name and a Description (optional) for the policy that you are creating. Review Permissions defined in this policy to see the permissions that are granted by your policy.

  10. (Optional) Add metadata to the policy by attaching tags as key-value pairs. For more information about using tags in IAM, see Tags for Amazon Identity and Access Management resources in the IAM User Guide.

  11. Choose Create policy to save your new policy.

Policy document – Copy and paste the following document to create the JSON policy.

JSON
{ "Version":"2012-10-17", "Statement": [ { "Action": [ "dax:*" ], "Effect": "Allow", "Resource": [ "*" ] }, { "Action": [ "dynamodb:*" ], "Effect": "Allow", "Resource": [ "*" ] } ] }