From 9368fbdb7be22b9eeeab41a4657498cfbca9eb04 Mon Sep 17 00:00:00 2001
From: ntkathole <nikhilkathole2683@gmail.com>
Date: Thu, 16 Oct 2025 16:13:07 +0530
Subject: [PATCH] fix: Skip tag updates if user do not have permissions

Signed-off-by: ntkathole <nikhilkathole2683@gmail.com>
---
 sdk/python/feast/infra/online_stores/dynamodb.py | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/sdk/python/feast/infra/online_stores/dynamodb.py b/sdk/python/feast/infra/online_stores/dynamodb.py
index e60796b2963..a03695fd1b4 100644
--- a/sdk/python/feast/infra/online_stores/dynamodb.py
+++ b/sdk/python/feast/infra/online_stores/dynamodb.py
@@ -249,7 +249,18 @@ def update(
             # tags won't be updated in the create_table call if the table already exists
             if do_tag_updates[table_name]:
                 tags = self._table_tags(online_config, table_instance)
-                self._update_tags(dynamodb_client, table_name, tags)
+                try:
+                    self._update_tags(dynamodb_client, table_name, tags)
+                except ClientError as ce:
+                    # If tag update fails with AccessDeniedException, log warning and continue
+                    # This allows Feast to work in environments where IAM roles don't have
+                    # dynamodb:TagResource and dynamodb:UntagResource permissions
+                    if ce.response["Error"]["Code"] == "AccessDeniedException":
+                        logger.warning(
+                            f"Unable to update tags for table {table_name} due to insufficient permissions."
+                        )
+                    else:
+                        raise
 
         for table_to_delete in tables_to_delete:
             _delete_table_idempotent(