Grant custom table permissions from fromTableArn

[jkar32]

Granting more fine-grain permissions with Table.fromTableArn(...)

Currently, when using Table.fromTableArn(...) you are only able to

• grantReadData(...)
• grantReadWriteData(...)
• grantStreamRead(...)
• grantTableListStreams(...)
• grantWriteData(...)

I would like to add

• grant(...)

Just like Table allows you to when not getting the table from fromTableArn

Use Case

I discovered that I wanted to use more fine-grain control, E.g. not give scan ability in a lambda and the table was described in another stack.

Proposed Solution

import db = require("@aws-cdk/aws-dynamodb");

const table = db.Table.fromTableArn(
            this,
            `${id}Table`,
            cdk.Fn.importValue(TABLE_ARN)
        );

accountTable.grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;

---

This is a 🚀 Feature Request

[jogold]

Duplicate of #7473