DVA-C02 · Question #457
A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A
The correct answer is A. "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_id}" ], "dynamodb:Attributes": [ "user_name" ] } }. Option A is correct because it uses dynamodb:LeadingKeys matched to the authenticated user's user_id (via the web identity federation variable ${www.amazon.com:user_id}), ensuring users can only modify their own records. The dynamodb:Attributes condition restricts the writable at
Question
A gaming application stores scores for players in an Amazon DynamoDB table that has four attributes: user_id, user_name, user_score, and user_rank. The users are allowed to update their names only. A user is authenticated by web identity federation. Which set of conditions should be added in the policy attached to the role for the dynamodb:PutItem API call? A. B. C. D.
Exhibits
Options
- A"Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_id}" ], "dynamodb:Attributes": [ "user_name" ] } }
- B"Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_name}" ], "dynamodb:Attributes": [ "user_id" ] } }
- C"Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_id}" ], "dynamodb:Attributes": [ "user_name", "user_id" ] } }
- D"Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${www.amazon.com:user_name}" ], "dynamodb:Attributes": [ "user_name", "user_id" ] } }
How the community answered
(29 responses)- A55% (16)
- B24% (7)
- C7% (2)
- D14% (4)
Explanation
Option A is correct because it uses dynamodb:LeadingKeys matched to the authenticated user's user_id (via the web identity federation variable ${www.amazon.com:user_id}), ensuring users can only modify their own records. The dynamodb:Attributes condition restricts the writable attribute to only user_name, which aligns with the requirement that users can update their names only. Together, these two conditions enforce both row-level and attribute-level security.
Topics
Community Discussion
No community discussion yet for this question.







