Does the IAM policy need include access to the CMK chosen for DynamoDB encryption in order to access the DynamoDB?

When I create a DynamoDB table, I can choose to encrypt the table use a customer managed Key (CMK). My question is when creating an IAM role/policy to allow say, read/write to the table, like dynamodb:GetItem, do I also need to add permission to access the key itself? I did not seem see this in the AWS DynamoDB doc.

Solution

Yes you do, you can either add the permissions to the role, or to the key policy.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.usagenotes.html#dynamodb-kms-authz

Uniqueness in DynamoDB secondary index
ValidationException: The table does not have the specified index: GameTitleIndex
"sls dynamodb start" throws spawn java ENOENT
Running DynamoDb locally in docker gives different tables whether connecting from inside or outside docker
Does the IAM policy need include access to the CMK chosen for DynamoDB encryption in order to access the DynamoDB?
server timeout on Dynamo DB query operation to get items from a table
How to get item count from DynamoDB?
Query on non-key attribute
Do DynamoDB Streams using Lambda Triggers guarantee no duplicates?
AWS cli - DynamoDb batch-execute-statement return Expected identifier for simple path
In DynamoDb, how do I optimize away extra joins when accesing data records that are often fetched together
How to Optimize DynamoDB Data Model. Please advise
how to implement service quota
How to use aws-cli with local dynamoDB ?
AWS Dynamodb ContinuousBackupsUnavailableException
DB table deleted but not able to create a new one since it still has the old identifier
Querying DynamoDB by date
How can I update table item value of a dict inside a list?
How to debug a aws lambda function?
DyanmoDB ValidationException batchWrite
Rollback with DynamoDb?
Can a Dynamodb table be temporarily restricted to readonly access?
How can I send a list to an API with AWS step function
DynamoDB not as scalable as it seems?
Delete all items in a DynamoDB table using bash with both partition and sort keys
AWS Lambda "cannot find module aws-sdk" in Build a Basic Web Application tutorial
How to write more than 25 items/rows into Table for DynamoDB?
DeleteItem API throws error - The provided key element does not match the schema (DynamoDB)
Can not find python boto3 batch_write response
What is the max duration for the creation of a DynamoDB GSI?