Answer-first summary for fast verification
Answer: dynamodb:UpdateItem, dynamodb:GetItem
dynamodb:UpdateItem, dynamodb:GetItem - With Amazon DynamoDB transactions, you can group multiple actions together and submit them as a single all-or-nothing TransactWriteItems or TransactGetItems operation. You can use AWS Identity and Access Management (IAM) to restrict the actions that transactional operations can perform in Amazon DynamoDB. Permissions for Put, Update, Delete, and Get actions are governed by the permissions used for the underlying PutItem, UpdateItem, DeleteItem, and GetItem operations. For the ConditionCheck action, you can use the dynamodb:ConditionCheck permission in IAM policies. UpdateItem action of DynamoDB APIs, edits an existing item's attributes or adds a new item to the table if it does not already exist. You can put, delete, or add attribute values. You can also perform a conditional update on an existing item (insert a new attribute name-value pair if it doesn't exist, or replace an existing name-value pair if it has certain expected attribute values). There is no need to inlcude the dynamodb:PutItem action for the given use-case. So, the IAM policy must include permissions to get and update the item in the DynamoDB table.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
A development team is engaged in developing an AWS Lambda function that interacts with a DynamoDB table. The specific functionality of this Lambda function involves performing an "upsert" operation. This operation entails either retrieving an existing item and updating certain attributes or creating a new item if it does not already exist in the table.
Which of the following options outlines the minimal IAM permissions necessary for the Lambda function to successfully carry out this upsert operation?
A
dynamodb:AddItem, dynamodb:GetItem
B
dynamodb:UpdateItem, dynamodb:GetItem, dynamodb:PutItem
C
dynamodb:UpdateItem, dynamodb:GetItem
D
dynamodb:GetRecords, dynamodb:PutItem, dynamodb:UpdateTable
No comments yet.