Posted On: Nov 22, 2024

Amazon DynamoDB is a serverless, NoSQL, fully managed database with single-digit millisecond performance at any scale. Today, we are announcing the general availability of attribute-based access control (ABAC) support for tables and indexes in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD. ABAC is an authorization strategy that lets you define access permissions based on tags attached to users, roles, and Amazon Web Services resources. Using ABAC with DynamoDB helps you simplify permission management with your tables and indexes as your applications and organizations scale.

policies or other policies to allow or deny specific actions on your tables or indexes when IAM principals’ tags match the tags for the tables. Using tag-based conditions, you can also set more granular access permissions based on your organizational structures. ABAC automatically applies your tag-based permissions to new employees and changing resource structures, without rewriting policies as organizations grow.

There is no additional cost to use ABAC. You can get started with ABAC by using the Amazon Web Services Management Console, Amazon API, Amazon CLI, Amazon SDK, or Amazon CloudFormation. Learn more at Using attribute-based access control with DynamoDB.