How can I control user access to Amazon DynamoDB data via IAM?

Question

Does AWS Identity and Access Management (IAM) provide a way so that a user can only edit or delete the items in an Amazon DynamoDB table he added before?

Answer 1

I don't believe this is possible. IAM roles are basically controlling which API calls can a client make. Once the client get permission to perform an action, DynamoDB doesn't log that action and attach it to the client.

If you need this kind of behavior you should probably keep an attribute in your table that updates with some meta-data about the user made the operation.