Now, I got it. I have not explored much on how to configure fine-grained authorization on Dynamo DB side. This blog is more about API security rather than DB security. I am sure there should be some way to map scopes to roles to DB permissions either using out of the box features or custom code. But, I am not 100% sure.