
AWS IAM Policy for Specific DynamoDB Tables

Suppose you need an AWS IAM policy that grants all DynamoDB permissions, but only on specific tables: the user can perform every DynamoDB action, yet only against the tables you name.

{
	"Version": "2012-10-17",
	"Statement": [
		{
			"Sid": "VisualEditor0",
			"Effect": "Allow",
			"Action": [
				"dynamodb:ListTables"
			],
			"Resource": "*"
		},
		{
			"Sid": "VisualEditor1",
			"Effect": "Allow",
			"Action": [
				"dynamodb:*"
			],
			"Resource": [
				"arn:aws:dynamodb:us-east-1:xxxxxxxx:table/Posts",
				"arn:aws:dynamodb:us-east-1:xxxxxxxx:table/Posts/index/*"
			]
		}
	]
}
  • The first statement lets the user list all DynamoDB tables (useful for browsing in the console). dynamodb:ListTables cannot be scoped to particular tables, so it has to be granted on Resource "*"; there is no way to allow listing only specific tables.
  • The second statement allows all actions on a sample table named Posts and on its secondary indexes (the table/Posts/index/* ARN). Replace the region, account ID and table name with your own ARNs.
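As an added example (not part of the original post), the following Python builds the policy above for any list of table names and runs a deliberately simplified, offline evaluation of it, so you can confirm before deploying that actions on the named tables are allowed while the same actions on any other table fall through to the implicit deny. The account ID, region and table names are constructed placeholders; the evaluator models only Effect/Action/Resource wildcard matching, not Conditions, NotAction/NotResource or interaction with other policy types.

```python
import fnmatch

# Constructed placeholder values; substitute your own account and region.
ACCOUNT_ID = "123456789012"
REGION = "us-east-1"


def build_policy(table_names, region=REGION, account_id=ACCOUNT_ID):
    """Generate the two-statement policy from the post for the given tables."""
    resources = []
    for name in table_names:
        base = f"arn:aws:dynamodb:{region}:{account_id}:table/{name}"
        resources += [base, base + "/index/*"]  # the table and its secondary indexes
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "VisualEditor0", "Effect": "Allow",
             "Action": ["dynamodb:ListTables"], "Resource": "*"},
            {"Sid": "VisualEditor1", "Effect": "Allow",
             "Action": ["dynamodb:*"], "Resource": resources},
        ],
    }


def _matches(patterns, value, case_sensitive):
    """IAM-style wildcard match: '*' and '?' only. Actions are case-insensitive, ARNs are not."""
    if isinstance(patterns, str):
        patterns = [patterns]
    if not case_sensitive:
        patterns = [p.lower() for p in patterns]
        value = value.lower()
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: explicit Deny wins, then any matching Allow, else implicit deny.
    Conditions, NotAction/NotResource and other policy types are intentionally not modelled."""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt.get("Action", []), action, case_sensitive=False):
            continue
        if not _matches(stmt.get("Resource", []), resource, case_sensitive=True):
            continue
        if stmt["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


if __name__ == "__main__":
    policy = build_policy(["Posts"])
    posts = f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/Posts"
    users = f"arn:aws:dynamodb:{REGION}:{ACCOUNT_ID}:table/Users"
    print("GetItem on Posts:", is_allowed(policy, "dynamodb:GetItem", posts))   # True
    print("GetItem on Users:", is_allowed(policy, "dynamodb:GetItem", users))   # False
```

For a real deployment, cross-check the same action/resource pairs with the IAM policy simulator, which applies the full evaluation logic this script omits.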