Added dynamodb:DescribeTable to DynamoDBCrudPolicy and DynamoDBReadPo… #511
Conversation
|
@sliedig could you rebase this on latest develop? |
|
Done |
|
Thanks. Unfortunately there's still a couple of issues:
|
|
I see that. Apologies, let me sort that out. Thanks. |
…cy_templates.json"
…Policy in /samtranslator/policy_templates_data/policy_templates.json
|
Any idea when this will be merged into the master branch . I faced the same issue , and for now , I have to manually add the policy from IAM to get it working after my app is deployed from the serverless app repository? |
|
Per company policy I can't give you an exact date, but we are currently rolling out SAM v1.7.0 and are planning another release very soon for SAM that will have these changes (among other recent items) in it. |
|
I take it this PR did not make it into the v1.7.0 release? |
|
It was not in the v1.7.0 release, but it is currently in the v1.8.0 candidate release branch. |
|
Should the DynamoDBReadPolicy policy also give permission to the table's Global Secondary Indexes? I was hoping it would but that doesn't seem to be the case. Using the policy, my lambda throws this error: I can fix it manually by adding * to the end of the IAM policy resource (tablename), like "awscodestar-lambda-TokenTable-1VL" -> "awscodestar-lambda-TokenTable-1VL*". But if I update the lambda, the change gets overwritten. I tried to add the * in the SAM template but it didn't work out. Like this:
|
|
This feature has now been released with 1.8.0 |
|
Thank you! :-) |
Issue #, if available:
#509
Description of changes:
Added dynamodb:DescribeTable to DynamoDBCrudPolicy and DynamoDBReadPolicy policy templates
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.