An organization has created 10 IAM users. The organization wants each of the IAM users to have access to a separate DynamoDB table. All the users are added to the same group and the organization wants to setup a group level policy for this. How can the organization achieve this?
A) Define the group policy and add a condition which allows the access based on the IAM name
B) Create a DynamoDB table with the same name as the IAM user name and define the policy rule which grants access based on the DynamoDB ARN using a variable
C) Create a separate DynamoDB database for each user and configure a policy in the group based on the DB variable
D) It is not possible to have a group level policy which allows different IAM users to different DynamoDB Tables

Question

Quizplus · Accepted Answer

The organization can create a policy that uses policy variables, such as ${aws:username}, to dynamically grant access to resources with names that match the IAM user names. This allows each user to access their respective DynamoDB table without needing separate policies for each user.

An Organization Has Created 10 IAM Users