Amazon DynamoDB is a serverless, NoSQL, fully managed database with single-digit millisecond performance at any scale. Today, we are announcing the general availability of attribute-based access control (ABAC) support for tables and indexes in all AWS Commercial Regions and the AWS GovCloud (US) Regions. ABAC is an authorization strategy that lets you define access permissions based on tags attached to users, roles, and AWS resources. Using ABAC with DynamoDB helps you simplify permission management with your tables and indexes as your applications and organizations scale.
ABAC uses tag-based conditions in your AWS Identity and Access Management (IAM) policies or other policies to allow or deny specific actions on your tables or indexes when IAM principals’ tags match the tags for the tables. Using tag-based conditions, you can also set more granular access permissions based on your organizational structures. ABAC automatically applies your tag-based permissions to new employees and changing resource structures, without rewriting policies as organizations grow.
There is no additional cost to use ABAC. You can get started with ABAC using the AWS Management Console, AWS API, AWS CLI, AWS SDK, or AWS CloudFormation. Learn more at Using attribute-based access control with DynamoDB .