IAM policy to grant read-only permissions on items in a DynamoDB table - Amazon DynamoDB
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

IAM policy to grant read-only permissions on items in a DynamoDB table

The following permissions policy grants permissions for the GetItem, BatchGetItem, Scan, Query, and ConditionCheckItem DynamoDB actions only, and as a result, sets read-only access on the Books table.

JSON
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ReadOnlyAPIActionsOnBooks",
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:BatchGetItem",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:ConditionCheckItem"
            ],
            "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/Books"
        }
    ]
}