Open ermrg opened 1 year ago
I was unable to achieve the same thing. Tried both AWS_IAM and AMAZON_COGNITO_USER_POOLS authentication but for some reason the PrincipalTag is not effective.
I am facing the same. Any update on this issue?
Marked as a feature request.
Is this related to another service?
DynamoDB, Amplify, API Gateway, Cognito
Describe the feature you'd like to request
Objective: Create a policy to provide item-level access to DynamoDB using PrincipalTag and User Pool username. Users can access data only if the PK of DynamoDB contains the user's username.
Services
Amplify, Cognito user-identity pool, API Gateway, DynamoDB, Lambda
Describe the solution you'd like
trust policy
policy
Describe alternatives you've considered
Need to be able to add a policy that will allow items in DynamoDB based on Cognito user pool username
Additional context
Error: ClientError: An error occurred (AccessDeniedException) when calling the Query operation ... is not authorized to perform: dynamodb:Query on resource .... because no identity-based policy allows the dynamodb:Query action
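An added sketch (not part of the original issue and not AWS or Amplify code) of the trust policy and item-level policy this request describes, with a simplified local model of the `dynamodb:LeadingKeys` condition. The tag key `username`, the `USER#<username>` partition-key format, and all ARNs and pool ids are assumptions or placeholders.

```python
import re

# Trust policy for the identity pool's authenticated role. Without
# sts:TagSession, Cognito cannot attach principal tags to the session.
# REGION:IDENTITY_POOL_ID is a placeholder.
TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "cognito-identity.amazonaws.com"},
        "Action": ["sts:AssumeRoleWithWebIdentity", "sts:TagSession"],
        "Condition": {
            "StringEquals": {"cognito-identity.amazonaws.com:aud": "REGION:IDENTITY_POOL_ID"},
            "ForAnyValue:StringLike": {"cognito-identity.amazonaws.com:amr": "authenticated"},
        },
    }],
}

def item_policy(key_pattern, table_arn="arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TABLE"):
    """Permissions policy limiting reads to partition keys matching key_pattern."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": ["dynamodb:Query", "dynamodb:GetItem"],
            "Resource": table_arn,  # placeholder ARN
            "Condition": {"ForAllValues:StringLike": {"dynamodb:LeadingKeys": [key_pattern]}},
        }],
    }

TAG_VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")

def allows(policy, principal_tags, leading_keys):
    """Simplified local model of the LeadingKeys condition (not the IAM engine)."""
    cond = policy["Statement"][0]["Condition"]["ForAllValues:StringLike"]
    regexes = []
    for pattern in cond["dynamodb:LeadingKeys"]:
        if any(t not in principal_tags for t in TAG_VAR.findall(pattern)):
            return False  # unresolved tag: statement cannot match, so no Allow
        text = TAG_VAR.sub(lambda m: principal_tags[m.group(1)], pattern)
        # StringLike wildcards: * matches any run of characters, ? matches one
        regexes.append(re.escape(text).replace(r"\*", ".*").replace(r"\?", "."))
    return all(any(re.fullmatch(r, k) for r in regexes) for k in leading_keys)

LOOSE = item_policy("*${aws:PrincipalTag/username}*")        # "PK contains username"
ANCHORED = item_policy("USER#${aws:PrincipalTag/username}")  # assumed PK format
```

In this model the loose "contains" pattern also admits partition keys of other users whose names include the tag value, while the anchored pattern does not. A session that carries no `username` tag (for instance a role not assumed through the identity pool) gets no Allow from either policy.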