I would like to restrict access to my dynamodb table. I would want to have the same kind of functionality as with for exmaple with AD groups, you could check if a user is a part of a specific AD group and give access based on that.
What is the idiomatic way in AWS to restrict access to an aws dynamodb where the users are authenticated with cognito?
2
Answers
I would suggest using IAM policy Condition.
You can refer also to this Using IAM policy conditions for fine-grained access control
For any federated access to AWS, the user authenticates via their IdP and gets in return a set of AWS credentials associated with an AWS IAM role. You can use federated user attributes for access control.