Learn2Skills for AWS Community Builders

Amazon DynamoDB adds support for attribute-based access control

Attribute-based access control (ABAC) is an authorization technique that allows you to define fine-grained permissions based on user factors like department, job title, and team name. User attributes make permissions more intuitive and simplify the administrative process of managing access. By specifying permissions with attributes, you can reduce the number of separate permissions required to create fine-grained controls in your AWS account.

Attribute-Based Access Control for Amazon DynamoDB is now available in limited preview in the US East (Ohio), US East (Virginia), and US West (N. California) Regions. To request access to the limited preview, visit the preview page.

Use cases

  • Grant developers and workloads read and write access to only their project resources.

Solution: When you base permissions on user attributes, you can ensure that developers and workloads have read and write access only to resources related to their projects. If the attributes of a developer or workload match those of the project resource, access is granted; otherwise, it is denied. For example, you can assign two developers from different teams, Alejandro and Mary, to the same IAM role and then use the team name attribute to manage access. When Alejandro and Mary sign in to AWS, their identity provider (IdP) passes their team name as an attribute in the AWS session, and they are permitted access only to their team's project resources, as indicated by the tags on those resources.
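
The Alejandro and Mary scenario above as an added example (not from the original post or from AWS): a constructed policy that compares the global condition keys `aws:ResourceTag/team` and `aws:PrincipalTag/team`, with a deliberately simplified evaluator. The team values, the table tags and the `is_allowed` helper are assumptions for illustration; real IAM evaluation also handles explicit denies, other operators and resource policies.

```python
import re

# Constructed ABAC policy: one statement serves every team because the
# resource's "team" tag must equal the caller's "team" session tag.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
        "Resource": "*",
        "Condition": {"StringEquals": {
            "aws:ResourceTag/team": "${aws:PrincipalTag/team}"}},
    }],
}

VAR = re.compile(r"\$\{aws:PrincipalTag/([^}]+)\}")

def _resolve(value, principal_tags):
    """Substitute ${aws:PrincipalTag/<key>}; None if the tag is not in the session."""
    missing = []
    def sub(m):
        if m.group(1) not in principal_tags:
            missing.append(m.group(1))
            return ""
        return principal_tags[m.group(1)]
    out = VAR.sub(sub, value)
    return None if missing else out

def is_allowed(action, principal_tags, resource_tags, policy=POLICY):
    """Simplified model: Allow statements, StringEquals only, default deny."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
            continue
        ok = True
        for key, want in stmt["Condition"]["StringEquals"].items():
            want = _resolve(want, principal_tags)
            have = resource_tags.get(key.split("/", 1)[1])
            # A missing principal tag or an untagged resource never matches.
            if want is None or have is None or have != want:
                ok = False
        if ok:
            return True
    return False

# Constructed sessions: same IAM role, different team tag from the IdP.
alejandro, mary = {"team": "payments"}, {"team": "search"}
payments_table = {"team": "payments"}
print(is_allowed("dynamodb:GetItem", alejandro, payments_table))  # True
print(is_allowed("dynamodb:GetItem", mary, payments_table))       # False
```

Untagged resources and sessions without the tag fall through to the default deny, and the comparison is case-sensitive, so tag values need consistent casing.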

As new resources and secrets are created, permissions apply to them automatically: an application automatically gets access to every secret that carries the matching product tag.

This is tag governance: tags are used for access control.

Configure AWS tags and keys

Create secrets that are tagged with the project tag

Ref: attribute-based access control
