class TableGrants

Language	Type name
.NET	Amazon.CDK.AWS.DynamoDB.TableGrants
Go	github.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb#TableGrants
Java	software.amazon.awscdk.services.dynamodb.TableGrants
Python	aws_cdk.aws_dynamodb.TableGrants
TypeScript (source)	aws-cdk-lib » aws_dynamodb » TableGrants

A set of permissions to grant on a Table.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_dynamodb as dynamodb } from 'aws-cdk-lib';
import { aws_iam as iam } from 'aws-cdk-lib';
import { aws_dynamodb as interfaces_dynamodb } from 'aws-cdk-lib/interfaces';

declare const encryptedResource: iam.IEncryptedResource;
declare const resourceWithPolicyV2: iam.IResourceWithPolicyV2;
declare const tableRef: interfaces_dynamodb.ITableRef;
const tableGrants = new dynamodb.TableGrants({
  table: tableRef,

  // the properties below are optional
  encryptedResource: encryptedResource,
  hasIndex: false,
  policyResource: resourceWithPolicyV2,
  regions: ['regions'],
});

Initializer

new TableGrants(props: TableGrantsProps)

Parameters

• props TableGrantsProps

Methods

Name	Description
actions(grantee, ...actions)	Adds an IAM policy statement associated with this table to an IAM principal's policy.
fullAccess(grantee)	Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
multiAccountReplicationFrom(sourceReplicaArn)	Grants permissions for this table to act as a destination for multi-account global table replication.
multiAccountReplicationTo(destinationReplicaArn)	Grants permissions for this table to act as a source for multi-account global table replication.
readData(grantee)	Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
readWriteData(grantee)	Permits an IAM principal to all data read/write operations to this table.
writeData(grantee)	Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
static fromTable(table, regions?, hasIndex?)	Creates a TableGrants object for a given table.

---

actions(grantee, ...actions)

public actions(grantee: IGrantable, ...actions: string[]): Grant

Parameters

• grantee IGrantable — The principal (no-op if undefined).
• actions string — The set of actions to allow (i.e. "dynamodb:PutItem", "dynamodb:GetItem", ...).

Returns

• Grant

Adds an IAM policy statement associated with this table to an IAM principal's policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

---

fullAccess(grantee)

public fullAccess(grantee: IGrantable): Grant

Parameters

• grantee IGrantable — The principal to grant access to.

Returns

• Grant

Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

---

multiAccountReplicationFrom(sourceReplicaArn)

public multiAccountReplicationFrom(sourceReplicaArn: string): void

Parameters

• sourceReplicaArn string — The ARN of the source replica table in the other account.

Grants permissions for this table to act as a destination for multi-account global table replication.

---

multiAccountReplicationTo(destinationReplicaArn)

public multiAccountReplicationTo(destinationReplicaArn: string): void

Parameters

• destinationReplicaArn string — The ARN of the destination replica table in the other account.

Grants permissions for this table to act as a source for multi-account global table replication.

---

readData(grantee)

public readData(grantee: IGrantable): Grant

Parameters

• grantee IGrantable — The principal to grant access to.

Returns

• Grant

Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

---

readWriteData(grantee)

public readWriteData(grantee: IGrantable): Grant

Parameters

• grantee IGrantable — The principal to grant access to.

Returns

• Grant

Permits an IAM principal to all data read/write operations to this table.

BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

---

writeData(grantee)

public writeData(grantee: IGrantable): Grant

Parameters

• grantee IGrantable — The principal to grant access to.

Returns

• Grant

Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

---

static fromTable(table, regions?, hasIndex?)

public static fromTable(table: ITableRef, regions?: string[], hasIndex?: boolean): TableGrants

Parameters

• table ITableRef
• regions string[]
• hasIndex boolean

Returns

• TableGrants

Creates a TableGrants object for a given table.