StreamGrants

class aws_cdk.aws_dynamodb.StreamGrants(*, table, table_stream_arn, encryption_key=None)

Bases: object

A set of permissions to grant on a Table Stream.

ExampleMetadata:: fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk import aws_dynamodb as dynamodb
from aws_cdk import aws_kms as kms
from aws_cdk.interfaces import aws_dynamodb as interfaces_dynamodb

# key: kms.Key
# table_ref: interfaces_dynamodb.ITableRef

stream_grants = dynamodb.StreamGrants(
    table=table_ref,
    table_stream_arn="tableStreamArn",

    # the properties below are optional
    encryption_key=key
)

Parameters:

table (ITableRef) – The table this stream is for.
table_stream_arn (str) – The ARN of the Stream.
encryption_key (Optional[IKey]) – The encryption key of the table. Required permissions will be added to the key as well. Default: - No key

Methods

actions(grantee, *actions)

Adds an IAM policy statement associated with this table’s stream to an IAM principal’s policy.

If encryptionKey is present, appropriate grants to the key needs to be added separately using the table.encryptionKey.grant* methods.

Parameters:

grantee (IGrantable) – The principal (no-op if undefined).
actions (str) – The set of actions to allow (i.e. “dynamodb:DescribeStream”, “dynamodb:GetRecords”, …).

Return type:

Grant

list(grantee)

Permits an IAM Principal to list streams attached to current dynamodb table.

Parameters:: grantee (IGrantable) – The principal (no-op if undefined).
Return type:: Grant

read(grantee)

Permits an IAM principal all stream data read operations for this table’s stream: DescribeStream, GetRecords, GetShardIterator, ListStreams.

Appropriate grants will also be added to the customer-managed KMS key if one was configured.

Parameters:: grantee (IGrantable) – The principal to grant access to.
Return type:: Grant