IAM policy to grant read-only permissions on items in a DynamoDB table - Amazon DynamoDB
Services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the AWS European Sovereign Cloud Region, see the AWS European Sovereign Cloud User Guide.

IAM policy to grant read-only permissions on items in a DynamoDB table

The following permissions policy grants permissions for the GetItem, BatchGetItem, Scan, Query, and ConditionCheckItem DynamoDB actions only, and as a result, sets read-only access on the Books table.

JSON
{
    "Version":"2012-10-17",		 	 	 
    "Statement": [
        {
            "Sid": "ReadOnlyAPIActionsOnBooks",
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:BatchGetItem",
                "dynamodb:Scan",
                "dynamodb:Query",
                "dynamodb:ConditionCheckItem"
            ],
            "Resource": "arn:aws-eusc:dynamodb:us-west-2:123456789012:table/Books"
        }
    ]
}