What you are trying to achieve is not currently possible in a single operation with DynamoDB, as ConditionExpression is not a read operation, it's a write operation. As you have blocked this user from UpdateItem on that attribute, they will be unable to do a conditional check on it. You would need to read the item first, making your assertion on the client side before updating.

Let me know if you would like me to raise a Feature Request with the team for this functionality.
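
The read-then-update workaround described in the answer above, as an added example that is not part of the original answer or AWS's own code. It goes one step further than the answer by conditioning the write on a `version` attribute, which narrows the gap between the read and the write only if whoever changes `status` also increments `version`. Assumptions: the table `Orders`, key `pk` and attributes `status`, `note` and `version` are hypothetical, the caller's policy allows reading `status` and writing `note` and `version`, and `FakeDynamo` is a constructed stand-in so the block runs offline.

```python
# Added example: table and attribute names are hypothetical.
class FakeDynamo:
    """Constructed in-memory stand-in for a boto3 DynamoDB client (offline demo)."""

    def __init__(self, item):
        self.item = item

    def get_item(self, TableName, Key, ConsistentRead=False):
        return {"Item": dict(self.item)}

    def update_item(self, TableName, Key, UpdateExpression, ConditionExpression,
                    ExpressionAttributeNames, ExpressionAttributeValues):
        # Models only the version check used below. A real boto3 client raises
        # botocore.exceptions.ClientError (ConditionalCheckFailedException).
        if self.item["version"] != ExpressionAttributeValues[":seen"]:
            raise RuntimeError("ConditionalCheckFailedException")
        self.item["note"] = ExpressionAttributeValues[":note"]
        self.item["version"] = ExpressionAttributeValues[":next"]


def update_note_if_status(client, pk, required_status, note):
    """Read the item, assert on the protected attribute client-side, then update."""
    key = {"pk": {"S": pk}}
    item = client.get_item(TableName="Orders", Key=key, ConsistentRead=True).get("Item")
    if item is None or item["status"]["S"] != required_status:
        return False  # client-side assertion failed, so no write is attempted
    seen = item["version"]
    nxt = {"N": str(int(seen["N"]) + 1)}
    # The request names only 'note' and 'version'; the protected 'status'
    # attribute appears in neither the update nor the condition expression.
    client.update_item(
        TableName="Orders", Key=key,
        UpdateExpression="SET #n = :note, #v = :next",
        ConditionExpression="#v = :seen",
        ExpressionAttributeNames={"#n": "note", "#v": "version"},
        ExpressionAttributeValues={":note": {"S": note}, ":seen": seen, ":next": nxt},
    )
    return True
```

Without the version condition, a change to `status` between the read and the write goes unnoticed and the update is applied against a stale assertion.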