No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

<@U03CXELT74M> looks like that creates an IAM role that is abstracted away from you. Similar to this:

<https://github.com/pulumi/examples/blob/258d3bad0a00020704743e37911c51be63c06bb4/aws-ts-serverless-raw/index.ts#L31-L49>

note you'll need to scope the resource (line 45) to the specific table

Are there plans to add similar levels of abstraction for really common and abstractable tasks to Pulumi ?

yes, its being worked on actively right now

Is there any information on what the interface will look like ?  I'm going to add methods to the DynamoDB/etc classes

not at the moment, check back next week :slightly_smiling_face:

Here's what I did:

```aws.dynamodb.Table.prototype.grantReadWriteData = async function(role: aws.iam.Role): Promise&lt;void&gt; {
	const roleName = await pulumiOutputStringToString(role.name);
	const policyName = `${roleName}-rolepolicy`;

	if (rolePolicyMap[policyName] === undefined) {
		rolePolicyMap[policyName] = {
			statements: [],
			role: role
		};
	}

	const rolePolicyStatements = rolePolicyMap[policyName].statements;
	rolePolicyStatements.push({
		Action: [
			"dynamodb:BatchGetItem",
			"dynamodb:GetRecords",
			"dynamodb:GetShardIterator",
			"dynamodb:Query",
			"dynamodb:GetItem",
			"dynamodb:Scan",
			"dynamodb:ConditionCheckItem",
			"dynamodb:BatchWriteItem",
			"dynamodb:PutItem",
			"dynamodb:UpdateItem",
			"dynamodb:DeleteItem",
			"dynamodb:DescribeTable"
		],
		Resource: this.arn,
		Effect: "Allow",
	});
}```