amazon-archives / aws-cognito-angular-quickstart

An Angular(v5)-based QuickStart single-page app utilizing Amazon Cognito, S3, and DynamoDB (Serverless architecture)
https://cognito.budilov.com
Apache License 2.0

Question about isolating DB entries from other users #84

Closed AcidLeroy closed 7 years ago

AcidLeroy commented 7 years ago

So this isn't so much an issue as it is a question about the flow of the program. Looking through the code, I don't fully understand how to ensure that other users can't access DynamoDB resources from another user. What guards are put in place that prevent one user from getting their cognito credentials to then make requests to DynamoDB? This may stem from my lack of understanding of DDB, so a quick response would be greatly appreciated.

jameshow commented 7 years ago

From the policies: https://github.com/awslabs/aws-cognito-angular2-quickstart/blob/master/aws/authrole.json

```json
"Condition": {
  "ForAllValues:StringEquals": {
    "dynamodb:LeadingKeys": [
      "${cognito-identity.amazonaws.com:sub}"
    ]
  }
}
```

Access is controlled by the cognito identity you get from the service. You can only get access to keys that match your identity.

You can read more on DynamoDB fine-grained access control here: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html
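To make the answer above concrete, here is an added example (not code from the quickstart or its author) that models how IAM applies the `ForAllValues:StringEquals` condition on `dynamodb:LeadingKeys` to a request. The type and function names and the sample identity ids are hypothetical/constructed.

```typescript
// Added example, not code from the quickstart: a small model of how IAM applies
// the authrole.json condition
//   "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"] }
// to a DynamoDB request. Caller, DynamoRequest and evaluateLeadingKeys are
// hypothetical names; the identity ids below are constructed sample values.

interface Caller {
  // Resolved value of ${cognito-identity.amazonaws.com:sub} for this request.
  identityId: string;
}

interface DynamoRequest {
  // Partition-key values the request touches. GetItem/Query name one;
  // BatchGetItem can name several, which is why the policy uses ForAllValues.
  leadingKeys: string[];
}

function evaluateLeadingKeys(caller: Caller, req: DynamoRequest): "Allow" | "Deny" {
  // ForAllValues: every dynamodb:LeadingKeys value in the request must be in the
  // policy's value set, which here contains only the caller's own identity id.
  const permitted = new Set([caller.identityId]);
  return req.leadingKeys.every((k) => permitted.has(k)) ? "Allow" : "Deny";
}

// Constructed sample identities in Cognito's "<region>:<uuid>" form.
const alice: Caller = { identityId: "us-east-1:11111111-1111-1111-1111-111111111111" };
const bobId = "us-east-1:22222222-2222-2222-2222-222222222222";

// Alice reading her own partition: allowed.
const ownRead = evaluateLeadingKeys(alice, { leadingKeys: [alice.identityId] });
// Alice reading Bob's partition with her own credentials: denied.
const crossRead = evaluateLeadingKeys(alice, { leadingKeys: [bobId] });
// A batch mixing her keys with Bob's is denied as a whole; ForAllValues is not "any".
const mixedBatch = evaluateLeadingKeys(alice, { leadingKeys: [alice.identityId, bobId] });
// IAM caveat: a request whose context carries no dynamodb:LeadingKeys matches
// ForAllValues vacuously, so whether key-less operations such as Scan are
// permitted depends on the policy's Action list, not on this condition alone.
const noKeys = evaluateLeadingKeys(alice, { leadingKeys: [] });

console.log({ ownRead, crossRead, mixedBatch, noKeys });
```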

AcidLeroy commented 7 years ago

Thanks! That's exactly the information I needed.