DynamoDB not able to Restore With Deny DeleteItem SCP


Hi there,

We have a service control policy attached to our account with an explicit Deny on DynamoDB DeleteItem. We have enabled Point in Time Recovery for the tables as well. When I was trying to perform a Restore on a table, it threw an error saying "User ....... not authorized to perform: dynamodb:DeleteItem on resource .... with an explicit deny in a service control policy"

I would like to know why the Restore table action requires the DeleteItem action? Is this right? How do we handle this case without trading off the SCP policy?

Thanks

asked a year ago · 260 views
1 Answer
Accepted answer

DeleteItem is required as part of the IAM policy but it is never used. Unfortunately this is by design and to restore a table you will need to grant the restore process DeleteItem permissions.

My assumption here is that the permissions are required as restore to an existing table has been long talked about and perhaps DeleteItem permissions are required for that feature, if/when it becomes available.

AWS EXPERT
answered a year ago
EXPERT
reviewed 6 days ago
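One way to keep the account-wide Deny while still letting a single, dedicated restore principal carry the DeleteItem permission the restore process asks for, as an added example that is not part of the question or the answer above: the Deny statement is scoped with an `aws:PrincipalArn` condition so it no longer applies to one named role. The role name `DynamoDBRestoreRole` is an assumed placeholder; the restore role itself still needs an identity policy granting `dynamodb:DeleteItem` (and the other permissions the restore needs) on the table.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDynamoDBDeleteItemExceptRestoreRole",
      "Effect": "Deny",
      "Action": "dynamodb:DeleteItem",
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::*:role/DynamoDBRestoreRole"
        }
      }
    }
  ]
}
```

Because the exception is keyed on the role name, pair it with a control on who may create or assume a role with that name, otherwise the carve-out becomes a general bypass of the Deny.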
