Managing Access and Permissions with the AWS CDK

The AWS Construct Library for the AWS CDK provides widely-implemented idioms to manage access to your cloud resources. The IAM module offers tools to provide various IAM principals with authenticated access to AWS resources. Certain resource constructs within the Construct Library have built-in methods to grant commonly used permissions to other resources, i.e. read and write access.

In this lab, you will work with the IAM module to create an IAM Role with DynamoDB permissions. You will also work with the DynamoDB construct method to grant access to a Lambda function you create.

Learning Objectives

Upon completion of this intermediate-level lab, you will be able to:

• Deploy an IAM Role and Policy using the AWS CDK
• Explore built-in AWS CDK Construct methods to grant resource access

Intended Audience

• Cloud Architects
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• AWS Cloud Development Kit (CDK)
• AWS Identity and Access Management (IAM)
• Amazon DynamoDB
• AWS Lambda

The following content can be used to fulfill the prerequisite:

• Introduction to IAM
• Introduction to DynamoDB
• Defining Cloud Infrastructure with the AWS CDK v2 in Python
• Managing Assets with the AWS CDK v2

Updates

April 17th, 2024 - Resolved IAM permission issue

August 16th, 2023 - Remove Node deprecation warning and updated CDK CLI version

March 13th, 2023 - Enabled autosave in the lab's browser IDE