chore: update policy

Adetokunbo Ige · Adetokunbo Ige · commit 9feb2f202542 · 2024-11-16T23:07:58.000-08:00
Signed-off-by: Adetokunbo Ige &lt;aige@tempo.io&gt;
diff --git a/todo-app/__main__.py b/todo-app/__main__.py
@@ -57,9 +57,10 @@
     }
 )
 
-# Define IAM policy for DynamoDB access
-dynamodb_scan_policy = aws.iam.Policy(
+# 3. Create DynamoDB policy
+dynamodb_policy = aws.iam.Policy(
     "dynamodb-policy",
+    name=f"dynamodb-policy-{environment}",
     description="Policy for DynamoDB access",
     policy=pulumi.Output.json_dumps({
         "Version": "2012-10-17",
@@ -75,18 +76,19 @@
                     "dynamodb:Query"
                 ],
                 "Resource": [
-                    pulumi.Output.format("{}",dynamodb_table.arn),
-                    pulumi.Output.format("{}/*",dynamodb_table.arn)  # Include index access
+                    dynamodb_table.arn,
+                    pulumi.Output.concat(dynamodb_table.arn, "/*")
                 ]
             }
         ]
     })
 )
 
-# Attach the policy to the Lambda execution role
-role_policy_attachment = aws.iam.RolePolicyAttachment("lambda-role-policy-attachment",
+# 4. IMPORTANT: Attach the policy to the role
+lambda_dynamodb_policy_attachment = aws.iam.RolePolicyAttachment(
+    "lambda-dynamodb-policy-attachment",
     role=lambda_role.name,
-    policy_arn=dynamodb_scan_policy.arn
+    policy_arn=dynamodb_policy.arn
 )
 
 # Create a Lambda function using the Docker image

Original file line number	Diff line number	Diff line change
`@@ -57,9 +57,10 @@`
`57`	`57`	`}`
`58`	`58`	`)`
`59`	`59`
`60`		`-# Define IAM policy for DynamoDB access`
`61`		`-dynamodb_scan_policy = aws.iam.Policy(`
	`60`	`+# 3. Create DynamoDB policy`
	`61`	`+dynamodb_policy = aws.iam.Policy(`
`62`	`62`	`"dynamodb-policy",`
	`63`	`+ name=f"dynamodb-policy-{environment}",`
`63`	`64`	`description="Policy for DynamoDB access",`
`64`	`65`	`policy=pulumi.Output.json_dumps({`
`65`	`66`	`"Version": "2012-10-17",`
`@@ -75,18 +76,19 @@`
`75`	`76`	`"dynamodb:Query"`
`76`	`77`	`],`
`77`	`78`	`"Resource": [`
`78`		`- pulumi.Output.format("{}",dynamodb_table.arn),`
`79`		`- pulumi.Output.format("{}/*",dynamodb_table.arn) # Include index access`
	`79`	`+ dynamodb_table.arn,`
	`80`	`+ pulumi.Output.concat(dynamodb_table.arn, "/*")`
`80`	`81`	`]`
`81`	`82`	`}`
`82`	`83`	`]`
`83`	`84`	`})`
`84`	`85`	`)`
`85`	`86`
`86`		`-# Attach the policy to the Lambda execution role`
`87`		`-role_policy_attachment = aws.iam.RolePolicyAttachment("lambda-role-policy-attachment",`
	`87`	`+# 4. IMPORTANT: Attach the policy to the role`
	`88`	`+lambda_dynamodb_policy_attachment = aws.iam.RolePolicyAttachment(`
	`89`	`+ "lambda-dynamodb-policy-attachment",`
`88`	`90`	`role=lambda_role.name,`
`89`		`- policy_arn=dynamodb_scan_policy.arn`
	`91`	`+ policy_arn=dynamodb_policy.arn`
`90`	`92`	`)`
`91`	`93`
`92`	`94`	`# Create a Lambda function using the Docker image`