In a multi-tenant system where we have multiple customers. Each of those customers will have multiple users. What's the best way to ensure users from customer1 can never access data that belongs to customer2. We do have customer_id in all of our tables. I came across fine-grained access control but not sure if it could be used for this use-case. If not, what are my options? What are the best-practices to ensure security here?
Here is a relevant reference to your use case, please see the dynamodb:LeadingKeys. Assuming you are doing CRUD operations against tables that has customer as hash key and users as range keys.