AWS IAM

1. Introduction

AWS Identity and Access Management (IAM) is a web service that helps you securely control access to AWS resources. You use IAM to control who is authenticated (signed in) and authorized (has permissions) to use resources.

2. IAM policy simulator

You can access the IAM Policy Simulator Console at:

https://policysim.aws.amazon.com/

With the IAM policy simulator, you can test and troubleshoot identity-based policies, IAM permissions boundaries, Organizations service control policies (SCPs), and resource-based policies.


2.1. Sample: Simulate Role access to DynamoDB table

Access the IAM policy simulator.

a) At the "Policies" pane:

Choose the role, e.g. myapp_anotherapp_role

Select the policy, e.g. myapp_anotherapp_policy

b) At the "Policy Simulator" pane:

Choose the service DynamoDB

Select the action Query

Resource (WARNING: MUST BE SPECIFIED USING ARN SYNTAX)

arn:aws:dynamodb:eu-west-1:123456789012:table/myenv-myapp-ProductCatalog

arn:aws:dynamodb::123456789012:table/myenv-myapp-ProductCatalog

Click the "Run Simulation" button.

In the "Action Settings and Results" section, the "Permission" column will show: "allowed 1 matching statements. "
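
The same check as a small local model, added here as an example (it is not AWS's evaluation engine and not part of the original notes): it matches one action and one resource against a policy's statements using IAM wildcard rules, with an explicit Deny taking precedence. It ignores Condition, NotAction/NotResource, permissions boundaries and SCPs, and the policy body is constructed, since the page names myapp_anotherapp_policy but does not show its content.

```python
import re

def _glob(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(v):
    return v if isinstance(v, list) else [v]

def simulate(policy, action, resource):
    """Return (decision, matching_statements) for one action on one resource."""
    matched = [
        s for s in _as_list(policy["Statement"])
        if any(_glob(a, action, ignore_case=True) for a in _as_list(s["Action"]))
        and any(_glob(r, resource) for r in _as_list(s["Resource"]))
    ]
    denies = [s for s in matched if s["Effect"] == "Deny"]
    if denies:                       # an explicit Deny always wins
        return "explicitDeny", denies
    if matched:
        return "allowed", matched
    return "implicitDeny", []        # nothing matched: denied by default

TABLE_ARN = "arn:aws:dynamodb:eu-west-1:123456789012:table/myenv-myapp-ProductCatalog"

# Constructed policy body (the page names the policy but does not show it).
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadCatalog", "Effect": "Allow",
         "Action": ["dynamodb:Query", "dynamodb:GetItem"],
         "Resource": TABLE_ARN},
        {"Sid": "NoDeletes", "Effect": "Deny",
         "Action": "dynamodb:Delete*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for action, resource in [
        ("dynamodb:Query", TABLE_ARN),                     # full ARN
        ("dynamodb:Query", "myenv-myapp-ProductCatalog"),  # bare table name
        ("dynamodb:DeleteTable", TABLE_ARN),
    ]:
        decision, stmts = simulate(POLICY, action, resource)
        print(f"{action} on {resource}: {decision} ({len(stmts)} matching statements)")
```

In this model the bare table name matches no statement, because the policy's Resource element is an ARN and the comparison is made against the full string.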