AWS Certified Database – Specialty — Question 184

A company uses Amazon DynamoDB to store its customer data. The DynamoDB table is designed with the user ID as the partition key value and multiple other non-key attributes. An external application needs to access data for specific user IDs. The external application must have access only to items with specific partition key values.

What should the database specialist do to meet these requirements?

Answer options

• A. Use the dynamodb:ReturnValues condition key in the external application's IAM policy to grant access.
• B. Use a projection expression to select specific users from the DynamoDB table for the external application.
• C. Use the ExecuteStatementAPI operation to select specific users from the DynamoDB table for the external application.
• D. Use the dynamodb:LeadingKeys condition key in the external application's IAM policy to grant access.

Correct answer: D

Explanation

The correct answer is D because the dynamodb:LeadingKeys condition key enables access control based on the specific partition key values, ensuring that the external application can only access the intended items. The other options either do not provide the necessary access restrictions (A), focus on data retrieval methods rather than access control (B and C), or are not appropriate for this requirement.