What should the database specialist do to meet these requirements?

By:
In: DBS-C01
Tagged:
With: 1 Comment
A company uses Amazon DynamoDB to store its customer data.The DynamoDB table is designed with the user ID as the partition key value and multiple other non-key attributes.An external application needs to access data for specific user IDs.The external application must have access only to items with specific partition key values.

What should the database specialist do to meet these requirements?

Use the dynamodb:ReturnValues condition key in the external application’s IAM policy to grant access.

Use a projection expression to select specific users from the DynamoDB table for the external application.

Use the ExecuteStatementAPI operation to select specific users from the DynamoDB table for the external application.

Use the dynamodb:LeadingKeys condition key in the external application’s IAM policy to grant access.

Explanations:

Thedynamodb:ReturnValuescondition key is used to control the return values of a write operation, not for granting access to specific partition key values.

A projection expression is used to specify which attributes to retrieve in a query or scan, not to filter based on partition key values. It does not control access.

TheExecuteStatementAPIoperation allows SQL-like queries but does not provide access control for specific partition keys. It cannot be used to restrict access to data by partition key.

Thedynamodb:LeadingKeyscondition key in an IAM policy allows specifying the partition key values that a user can access. This ensures the external application only has access to specific user IDs.

2025-10-06

1 Comment

  1. Cheryl
    Author

    I plan that the answer is:
    Use the dynamodb:LeadingKeys condition key in the external application’s IAM policy to grant access.

Leave a Reply

Your email address will not be published. Required fields are marked *

1 + 4 =