sparse-intern-71089
09/13/2022, 7:22 AMabundant-hair-53100
09/13/2022, 7:23 AMResource: '*'
but I don’t want that. And I think the arn is not resolved at the time of execution for the Policy. Is this correct?millions-furniture-75402
09/13/2022, 12:52 PMmillions-furniture-75402
09/13/2022, 12:53 PMAction: [DBAction.Put]
?millions-furniture-75402
09/13/2022, 12:56 PMconfirmUserIamRolePolicy
's arnmillions-furniture-75402
09/13/2022, 12:57 PMpulumi.interpolate`${usersTable.arn}`,
millions-furniture-75402
09/13/2022, 12:58 PMnew aws.iam.RolePolicyAttachment(
`${appName}-lambda-role-attachment`,
{
role: applicationRole,
policyArn: new aws.iam.Policy(`${appName}-lambda-policy`, {
policy: {
Version: "2012-10-17",
Statement: [
{
Sid: "DynamoDBCrud",
Effect: "Allow",
Action: [
"dynamodb:GetItem",
"dynamodb:DeleteItem",
"dynamodb:PutItem",
"dynamodb:Scan",
"dynamodb:Query",
"dynamodb:UpdateItem",
"dynamodb:BatchWriteItem",
"dynamodb:BatchGetItem",
"dynamodb:DescribeTable",
"dynamodb:ConditionCheckItem",
],
Resource: [
pulumi.interpolate`${eventTransactionsDdbTableArn}`,
pulumi.interpolate`${eventTransactionsDdbTableArn}/index/*`,
]
abundant-hair-53100
09/13/2022, 2:52 PM