Prevent human access to DynamoDB data?
0
I am trying to prevent human access to DynamoDB table. I'm currently thinking of two approaches
- Deny based on
aws:PrincipalType- account and user - Allow KMS access only to AWS services
Is there a better approach to solve this problem?
質問済み 3ヶ月前117ビュー
1回答
- 新しい順
- 投票が多い順
- コメントが多い順
1
Hi,
I'd recommend to use a least-priviledge approach. Instead of denying access for certain principals (humans in this case), you should only grant permissions to those principals you know for sure need access (not humans). AWS denies access by default, so if you don't explictly allow an acces, AWS will block it. If you only grant access to the principals you want, AWS will block the rest, including humans.
- How Amazon DynamoDB works with IAM
- Determining whether a request is allowed or denied within an account
I hope this helps.
回答済み 3ヶ月前
関連するコンテンツ
AWS公式更新しました 1年前- AWS公式更新しました 8ヶ月前
