Table names are hardcoded into tests for S3Guard with DynamoDB. This makes it awkward to set up a least-privilege type AWS IAM user or role that can successfully execute the full test suite. You either have to know all the specific hardcoded table names and give the user Dynamo read/write access to those by name or just give blanket read/write access to all Dynamo tables in the account.
I propose the tests use a configuration property to specify a prefix for the table names used. Then the full test suite can be run by a user that is given read/write access to all tables with names starting with the configured prefix.