By using IAM policies and Cognito, you can limit access to data in DynamoDB tables based on the authenticated user. It's called fine-grained access. Is there any way to do this based on membership in a Cognito group or perhaps membership in an IAM role?
1 Answer
The answer here explains how you can implement fine-grained access control on DynamoDB using Cognito Federated Identities.
We can now extend this using role-based access control and Cognito User Pools groups. A user from a group in a Cognito User Pool will be assigned an IAM role which allows the user access only to the row belonging to his identity. This still does not achieve access control based on group membership, which is what you were trying to get to. However, a different DynamoDB table per group, and hence per IAM role, can possibly give you the desired access control.

Chetan Mehta
I've considered a table or group. While technically possible, it is rendered impractical because Dynamo has a hard limit of 256 tables per region. – vangorra Oct 16 '17 at 02:32
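
The role-per-group setup described in the answer, as an added example (not code from the answer or from AWS): it builds the permissions policy for an IAM role mapped to a user pool group and checks it with a simplified local model of the `dynamodb:LeadingKeys` condition. The table ARN, the identity ids and the `allows` helper are constructed for illustration.

```python
import json

# Constructed placeholder ARN; account id and table name are not from the page.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"
SUB_VAR = "${cognito-identity.amazonaws.com:sub}"  # caller's identity id

def group_role_policy(table_arn=TABLE_ARN):
    """Permissions policy for the IAM role mapped to a user pool group."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            # Scan is left out on purpose: it carries no leading keys, and
            # ForAllValues conditions are satisfied by an empty key set.
            "Action": ["dynamodb:GetItem", "dynamodb:Query",
                       "dynamodb:PutItem", "dynamodb:UpdateItem",
                       "dynamodb:DeleteItem"],
            "Resource": table_arn,
            "Condition": {
                # Every partition key touched must equal the caller's identity id.
                "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [SUB_VAR]}
            },
        }],
    }

def allows(policy, identity_id, action, leading_keys):
    """Simplified local model of the statement above. Handles only Allow
    statements with ForAllValues:StringEquals on dynamodb:LeadingKeys;
    it is not a general IAM evaluator."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        cond = stmt.get("Condition", {}).get("ForAllValues:StringEquals", {})
        permitted = {v.replace(SUB_VAR, identity_id)
                     for v in cond.get("dynamodb:LeadingKeys", [])}
        if all(key in permitted for key in leading_keys):
            return True
    return False

if __name__ == "__main__":
    print(json.dumps(group_role_policy(), indent=2))
```

Two members of the same group receive the same role, yet each can reach only the partition key equal to their own identity id, which is why this policy alone does not give group-wide access.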