aws-samples / api-gateway-secure-pet-store

Amazon API Gateway sample using Amazon Cognito credentials through AWS Lambda
Apache License 2.0

Enabling fine-grained access permissions on the Pets table - authorization access control list #5

Closed mingqin1 closed 8 years ago

mingqin1 commented 8 years ago

Hi Team: Stefano Buliani had a presentation (https://www.youtube.com/watch?v=ZBxWZ9bgd44, minute 36:17) about how both AWS Lambda and DynamoDB will follow an access policy such as:

```json
"Condition": {
  "ForAllValues:StringEquals": {
    "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"],
    "dynamodb:Attributes": ["UserId", "GameTitle", "Wins", "Losses", "TopScore", "TopScoreDateTime"]
  },
  "StringEqualsIfExists": {
    "dynamodb:Select": "SPECIFIC_ATTRIBUTES"
  }
}
```

Could we add a similar policy to this project? The pets API POST method could insert a new item into the pets table with attribute name identityId and attribute value the cognitoId. The users table has that attribute.

sapessi commented 8 years ago

Yes, we could. However, it requires a structural change to the DynamoDB table. You'd need to change the key in the table to be the identityId instead of the PetID. You can see some example policies here: http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/FGAC_DDB.Examples.html

mingqin1 commented 8 years ago

Stefano: I didn't realize this constraint (the Cognito identity pool's identityId must be the primary hash key of the business tables) when using IAM to control access to DynamoDB resources. The Pets DynamoDB table needs to have identityId as the primary hash key and a business id (such as petId) as the range key.
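As an added illustration of the policy this thread ends on (not code from this repository or from either commenter): an IAM policy for the Cognito identity pool's authenticated role that grants access to the Pets table only for items whose partition key equals the caller's Cognito identity. It assumes the table has been re-keyed as described above, with identityId as the hash key and petId as the range key; the region, account id and table name are placeholders.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowAccessToOwnPetsOnly",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:Query"
      ],
      "Resource": "arn:aws:dynamodb:REGION_PLACEHOLDER:ACCOUNT_ID_PLACEHOLDER:table/PETS_TABLE_PLACEHOLDER",
      "Condition": {
        "ForAllValues:StringEquals": {
          "dynamodb:LeadingKeys": ["${cognito-identity.amazonaws.com:sub}"]
        }
      }
    }
  ]
}
```

dynamodb:LeadingKeys is only evaluated against the partition key, which is why the table must be keyed on identityId rather than petId. Because a ForAllValues condition evaluates to true when the request carries no key values at all, dynamodb:Scan is deliberately left out of the allowed actions.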