DynamoDB not able to Restore With Deny DeleteItem SCP


Hi there,

We have a service control policy attached to our account with an explicit Deny on DynamoDB DeleteItem. We have enabled Point in Time Recovery for the tables as well. When I tried to perform a Restore on a table, it threw an error saying "User ....... not authorized to perform: dynamodb:DeleteItem on resource .... with an explicit deny in a service control policy".

I would like to know why the Restore table action requires the DeleteItem action. Is this right? How do we handle this case without trading off the SCP policy?

Thanks

posted a year ago, 247 views

1 Answer

Accepted answer

DeleteItem is required as part of the IAM policy, but it is never used. Unfortunately this is by design, and to restore a table you will need to grant the restore process DeleteItem permissions.

My assumption here is that the permissions are required because restore to an existing table has long been talked about, and perhaps DeleteItem permissions are required for that feature, if/when it becomes available.

AWS
EXPERT
answered a year ago
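One way to keep the org-wide DeleteItem guardrail while still letting restores succeed is to scope the SCP's Deny with a condition that exempts a single, dedicated restore role, and to give that role an identity policy carrying the permissions the restore API checks. The following is an added example, not code from the thread or from AWS: the account ID, the `DynamoDBRestoreRole` name and the table ARNs are placeholders, the action list in the restore role's policy is my reading of the DynamoDB PITR restore permission requirements and should be checked against the current documentation, and `scp_denies` is a deliberately minimal model of SCP Deny matching (Action/Resource globs plus `ArnLike`/`ArnNotLike` on `aws:PrincipalArn`), not a reimplementation of IAM evaluation.

```python
"""Scoped SCP exemption for a DynamoDB point-in-time restore role.

Added example (not from the re:Post thread). All ARNs are placeholders.
"""
import fnmatch
import json

# Assumption: a dedicated role that is the only principal allowed to run restores.
RESTORE_ROLE_ARN = "arn:aws:iam::111122223333:role/DynamoDBRestoreRole"


def build_scp(exempt_role_arn: str = RESTORE_ROLE_ARN) -> dict:
    """Deny dynamodb:DeleteItem org-wide except for the restore role.

    Without the ArnNotLike condition every principal, including the one
    calling RestoreTableToPointInTime, hits the explicit-deny error from
    the question, because the restore API checks DeleteItem even though it
    never deletes an item. When a role is assumed, aws:PrincipalArn carries
    the role ARN, so matching on the role ARN is enough.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "DenyDeleteItemExceptRestoreRole",
                "Effect": "Deny",
                "Action": "dynamodb:DeleteItem",
                "Resource": "*",
                "Condition": {"ArnNotLike": {"aws:PrincipalArn": exempt_role_arn}},
            }
        ],
    }


def build_restore_role_policy(source_table_arn: str, target_table_arn: str) -> dict:
    """Identity policy for the restore role (restore to a NEW table).

    Assumption: this action list reflects the DynamoDB PITR restore
    permission requirements (the restore API plus the data-plane actions it
    checks, DeleteItem among them); verify against the current docs.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "RestoreToNewTable",
                "Effect": "Allow",
                "Action": [
                    "dynamodb:RestoreTableToPointInTime",
                    "dynamodb:DescribeTable",
                    "dynamodb:Scan",
                    "dynamodb:Query",
                    "dynamodb:GetItem",
                    "dynamodb:PutItem",
                    "dynamodb:UpdateItem",
                    "dynamodb:DeleteItem",
                    "dynamodb:BatchWriteItem",
                ],
                "Resource": [source_table_arn, target_table_arn],
            }
        ],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def scp_denies(scp: dict, action: str, resource_arn: str, principal_arn: str) -> bool:
    """True if any Deny statement in the SCP matches the request.

    Minimal model: Action globs are case-insensitive, Resource and ARN
    condition globs are case-sensitive, and only ArnLike / ArnNotLike on
    aws:PrincipalArn are understood. Allow statements are ignored because
    an SCP Deny overrides any Allow, which is the behaviour at issue here.
    """
    for stmt in scp["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        if not any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
            continue
        if not any(fnmatch.fnmatchcase(resource_arn, r) for r in _as_list(stmt["Resource"])):
            continue
        cond = stmt.get("Condition", {})
        if "ArnNotLike" in cond:
            exempt = _as_list(cond["ArnNotLike"]["aws:PrincipalArn"])
            if any(fnmatch.fnmatchcase(principal_arn, p) for p in exempt):
                continue  # caller is carved out of this Deny
        if "ArnLike" in cond:
            only = _as_list(cond["ArnLike"]["aws:PrincipalArn"])
            if not any(fnmatch.fnmatchcase(principal_arn, p) for p in only):
                continue  # Deny applies only to the listed principals
        return True
    return False


if __name__ == "__main__":
    print(json.dumps(build_scp(), indent=2))
    print(json.dumps(build_restore_role_policy(
        "arn:aws:dynamodb:us-east-1:111122223333:table/orders",
        "arn:aws:dynamodb:us-east-1:111122223333:table/orders-restored"), indent=2))
```

Two caveats. The SCP must still permit `dynamodb:RestoreTableToPointInTime` for the restore role (it does here, since only DeleteItem is denied), and the restore role becomes the one principal in the organization that really can delete items, so its trust policy, who may assume it, and its CloudTrail activity deserve the same scrutiny you applied to the original Deny.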
