Amazon DynamoDB now supports Attribute-Based Access Control (ABAC) for tables and indexes. ABAC allows for more granular access control based on tags attached to users, roles, and AWS resources.

Specifically, the article covers:

• ABAC defines access permissions based on tags
• Tag-based conditions can allow or deny actions when IAM principal tags match DynamoDB table tags
• ABAC provides more flexibility in setting permissions based on organizational structures
• ABAC is supported through AWS Management Console, APIs, CLI, SDKs, and CloudFormation
• ABAC for DynamoDB is currently available in limited preview in US East (Ohio), US East (Virginia), and US West (N. California) regions