DynamoDB not able to Restore With Deny DeleteItem SCP

0

Hi there,

We have a service control policy attached to our account with an explicit Deny on DynamoDB DeleteItem. We have enabled Point in Time Recovery for the tables as well. When I tried to perform a Restore on a table, it threw an error saying "User ....... not authorized to perform: dynamodb:DeleteItem on resource .... with an explicit deny in a service control policy"

I would like to know why the Restore table action requires the DeleteItem action? Is this right? How do we handle this case without trading off the SCP policy?

Thanks

asked a year ago, 247 views
1 Answer
2
Accepted answer

DeleteItem is required as part of the IAM policy, but it is never used. Unfortunately this is by design, and to restore a table you will need to grant the restore process DeleteItem permissions.

My assumption here is that the permissions are required as restore to an existing table has been long talked about and perhaps DeleteItem permissions are required for that feature, if/when it becomes available.

AWS
EXPERT
answered a year ago
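As an added example (not from the question or the answer above), one way to keep the blanket DeleteItem deny for every principal in the account while still letting a point-in-time restore run is to scope the SCP deny statement with an `aws:PrincipalArn` condition that exempts a single dedicated restore role. The account id `111122223333` and the role name `DynamoDBRestoreRole` are placeholders, not values from the page.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyDynamoDBDeleteItemExceptRestoreRole",
      "Effect": "Deny",
      "Action": "dynamodb:DeleteItem",
      "Resource": "*",
      "Condition": {
        "ArnNotLike": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/DynamoDBRestoreRole"
        }
      }
    }
  ]
}
```

Replacing the unconditional deny with this statement keeps DeleteItem blocked for everyone except the named role, which is the principal that performs `RestoreTableToPointInTime` and so needs the DeleteItem permission the answer describes. The role still needs an identity policy that grants the restore and DeleteItem actions, and its trust policy should limit who can assume it, since the exemption is only as narrow as the set of principals able to take on that role.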
