Cloud Data Access
Also available as:
PDF
loading table of contents...

Creating DynamoDB Access Policy

In order to configure S3Guard, you must to provide read and write permissions for the DynamoDB table that S3Guard will create and use. To do this, you must add a DynamoDB access policy to your IAM role using the following steps:

  1. Log in to your AWS account and navigate to the Identity and Access Management (IAM) console.

  2. In the IAM console, select Roles from the left pane.

  3. Search for an IAM role that you want to update:

  4. Click on the role.

  5. In the Permissions tab, click Create Role Policy:

  6. Click Select next to the Policy Generator:

  7. Enter:

    ParameterValue
    EffectAllow
    AWS ServiceAmazon DynamoDB
    ActionsAll Actions
    Amazon Resource Name (ARM)*

    Your configuration should look similar to:

  8. Click Add Statement.

  9. Click Next Step.

  10. On the "Review Policy" page, review your new policy and then click Apply Policy:

Now the policy will be attached to your IAM role and your cluster will be able to talk to DynamoDB, including creating a table for S3 metadata when S3Guard is configured.

You must also configure S3Guard in Ambari.