class TableGrants
| Language | Type name |
|---|---|
| .NET | Amazon.CDK.AWS.DynamoDB.TableGrants |
| Go | github.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb#TableGrants |
| Java | software.amazon.awscdk.services.dynamodb.TableGrants |
| Python | aws_cdk.aws_dynamodb.TableGrants |
| TypeScript (source) | aws-cdk-lib » aws_dynamodb » TableGrants |
A set of permissions to grant on a Table.
Example
```ts
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_dynamodb as dynamodb } from 'aws-cdk-lib';
import { aws_iam as iam } from 'aws-cdk-lib';
import { aws_dynamodb as interfaces_aws_dynamodb } from 'aws-cdk-lib/interfaces';

declare const encryptedResource: iam.IEncryptedResource;
declare const resourceWithPolicyV2: iam.IResourceWithPolicyV2;
declare const tableRef: interfaces_aws_dynamodb.ITableRef;

const tableGrants = new dynamodb.TableGrants({
  table: tableRef,

  // the properties below are optional
  encryptedResource: encryptedResource,
  hasIndex: false,
  policyResource: resourceWithPolicyV2,
  regions: ['regions'],
});
```
Initializer
new TableGrants(props: TableGrantsProps)
Parameters
- props
TableGrantsProps
Methods
| Name | Description |
|---|---|
| actions(grantee, ...actions) | Adds an IAM policy statement associated with this table to an IAM principal's policy. |
| fullAccess(grantee) | Permits all DynamoDB operations ("dynamodb:*") to an IAM principal. |
| readData(grantee) | Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable. |
| readWriteData(grantee) | Permits an IAM principal all data read/write operations to this table. |
| writeData(grantee) | Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable. |
actions(grantee, ...actions)
public actions(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable— The principal (no-op if undefined).
- actions
string— The set of actions to allow (e.g. "dynamodb:PutItem", "dynamodb:GetItem", ...).
Returns
Adds an IAM policy statement associated with this table to an IAM principal's policy.
If encryptionKey is present, appropriate grants to the key need to be added
separately using the table.encryptionKey.grant* methods.
fullAccess(grantee)
public fullAccess(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— The principal to grant access to.
Returns
Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
Appropriate grants will also be added to the customer-managed KMS key if one was configured.
readData(grantee)
public readData(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— The principal to grant access to.
Returns
Permits an IAM principal all data read operations from this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, DescribeTable.
Appropriate grants will also be added to the customer-managed KMS key if one was configured.
readWriteData(grantee)
public readWriteData(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— The principal to grant access to.
Returns
Permits an IAM principal all data read/write operations to this table: BatchGetItem, GetRecords, GetShardIterator, Query, GetItem, Scan, BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
Appropriate grants will also be added to the customer-managed KMS key if one was configured.
writeData(grantee)
public writeData(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable— The principal to grant access to.
Returns
Permits an IAM principal all data write operations to this table: BatchWriteItem, PutItem, UpdateItem, DeleteItem, DescribeTable.
Appropriate grants will also be added to the customer-managed KMS key if one was configured.
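
An added example, not part of the CDK documentation or library: a self-contained TypeScript check that uses the action lists from this page to map the actions a principal was observed calling onto the narrowest predefined grant method, and to flag a wildcard grant. The `Statement` and `Audit` shapes, the `auditGrant` function, and the sample statement and activity are constructed for illustration.

```typescript
// Action sets exactly as this page lists them for each TableGrants method.
const READ = ['BatchGetItem', 'GetRecords', 'GetShardIterator', 'Query', 'GetItem', 'Scan', 'DescribeTable'];
const WRITE = ['BatchWriteItem', 'PutItem', 'UpdateItem', 'DeleteItem', 'DescribeTable'];
const METHODS: { name: string; actions: string[] }[] = [
  { name: 'readData', actions: READ },
  { name: 'writeData', actions: WRITE },
  { name: 'readWriteData', actions: READ.concat(WRITE.filter(a => READ.indexOf(a) === -1)) },
];

// Hypothetical shapes for this example: one IAM statement and the audit result.
interface Statement { Effect: string; Action: string | string[]; Resource: string | string[] }
interface Audit { wildcard: boolean; recommended: string; unused: string[]; keyGrantIsManual: boolean }

const bare = (a: string): string => a.replace(/^dynamodb:/, '');

// Compare what a statement grants with what the principal was observed calling.
function auditGrant(stmt: Statement, observed: string[]): Audit {
  const granted = (Array.isArray(stmt.Action) ? stmt.Action : [stmt.Action]).map(bare);
  const used = observed.map(bare);
  // fullAccess() yields "dynamodb:*"; a bare "*" is broader still.
  const wildcard = stmt.Effect === 'Allow' && granted.indexOf('*') !== -1;
  // First predefined method whose action set covers everything observed.
  let recommended = 'actions'; // fall back to an explicit action list
  let set: string[] = used;
  for (const m of METHODS) {
    if (used.every(a => m.actions.indexOf(a) !== -1)) { recommended = m.name; set = m.actions; break; }
  }
  return {
    wildcard,
    recommended,
    // Actions the recommended grant would still allow but that were never used.
    unused: set.filter(a => used.indexOf(a) === -1),
    // Per this page, actions() leaves KMS key grants to the caller; the other methods add them.
    keyGrantIsManual: recommended === 'actions',
  };
}

// Constructed sample: a statement of the kind fullAccess() produces.
const sampleStatement: Statement = {
  Effect: 'Allow',
  Action: 'dynamodb:*',
  Resource: 'arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable',
};
// Constructed sample: actions seen in the principal's activity.
const sampleObserved = ['dynamodb:GetItem', 'dynamodb:Query'];
const sampleAudit = auditGrant(sampleStatement, sampleObserved);
```

A non-empty `unused` list means an explicit `actions(...)` call with only the observed actions would be tighter than the recommended method, at the cost of adding the key grants by hand.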
