How can I control user access to Amazon DynamoDB data via IAM?

Question

Does AWS Identity and Access Management (IAM) provide a way so that a user can only edit or delete the items in an Amazon DynamoDB table he added before?

Answer 1

You can add an IAM user that is restricted to the PutItem/UpdateItem/DeleteItem DynamoDB actions and that is restricted to a specific table by ARN. See Using IAM to Control Access to Amazon DynamoDB Resources.

You can use resource-level ARNs in IAM policies for all Amazon DynamoDB actions, except ListTables.

There's no inbuilt way to restrict table updates to 'the user who created the table', however, but you could script that at table creation time, I guess.