I have an AWS DynamoDB table which consists of one key and some attributes. AWS IAM allows to restrict the access to a specific key: Docs.
But is it possible to "filter" by the value of an attribute? For example:
"Allow access to all rows, where attribute_A = 1"
I didn't find anything like that after searching for hours. Thank you in advance!
Unfortunately you only have two options when restricting access via IAM:
It is not possible to restrict access via an attribute which isn't the Partition Key.
A workaround you could look into:
Leverage a GSI and use the Partition Key as your desired attribute you wish to filter by. You can restrict a user to only query the given Index and filter by the Partition Key of the GSI.
Read more here: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html
HTH
