|
34 | 34 | policy_arn="arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
|
35 | 35 | )
|
36 | 36 |
|
37 |
| -# Define an IAM policy that allows DynamoDB scan action |
38 |
| -dynamodb_scan_policy = aws.iam.Policy("dynamodb-policy", |
39 |
| - policy={ |
| 37 | +# Define IAM policy for DynamoDB access |
| 38 | +dynamodb_policy = aws.iam.Policy( |
| 39 | + "dynamodb-policy", |
| 40 | + description="Policy for DynamoDB access", |
| 41 | + policy=pulumi.Output.json_dumps({ |
40 | 42 | "Version": "2012-10-17",
|
41 | 43 | "Statement": [
|
42 | 44 | {
|
43 | 45 | "Effect": "Allow",
|
44 |
| - "Action": "dynamodb:Scan", |
45 |
| - "Resource": "arn:aws:dynamodb:us-east-1:289940214902:table/todo-dev-*" |
| 46 | + "Action": [ |
| 47 | + "dynamodb:Scan", |
| 48 | + "dynamodb:PutItem", |
| 49 | + "dynamodb:GetItem", |
| 50 | + "dynamodb:UpdateItem", |
| 51 | + "dynamodb:DeleteItem", |
| 52 | + "dynamodb:Query" |
| 53 | + ], |
| 54 | + "Resource": [ |
| 55 | + pulumi.Output.format("{}",dynamodb_table.arn), |
| 56 | + pulumi.Output.format("{}/*",dynamodb_table.arn) # Include index access |
| 57 | + ] |
46 | 58 | }
|
47 | 59 | ]
|
48 |
| - } |
| 60 | + }) |
49 | 61 | )
|
50 | 62 |
|
51 | 63 | # Attach the policy to the Lambda execution role
|
|
55 | 67 | )
|
56 | 68 |
|
57 | 69 | # Define a DynamoDB table
|
58 |
| -dynamodb_table = aws.dynamodb.Table(f"todo-{environment}", |
59 |
| - hash_key="id", # Partition key |
60 |
| - range_key="timestamp", # Sort key |
| 70 | +# Define DynamoDB Table |
| 71 | +dynamodb_table = aws.dynamodb.Table( |
| 72 | + f"todo-{environment}", |
| 73 | + name=f"todo-{environment}", # Explicit table name |
| 74 | + hash_key="id", |
| 75 | + range_key="timestamp", |
61 | 76 | attributes=[
|
62 | 77 | aws.dynamodb.TableAttributeArgs(
|
63 | 78 | name="id",
|
64 |
| - type="S" # S for string |
| 79 | + type="S" |
65 | 80 | ),
|
66 | 81 | aws.dynamodb.TableAttributeArgs(
|
67 | 82 | name="timestamp",
|
68 |
| - type="N" # N for number |
| 83 | + type="N" |
69 | 84 | ),
|
70 | 85 | ],
|
71 |
| - billing_mode="PAY_PER_REQUEST", # Use on-demand mode (no provisioned throughput) |
| 86 | + billing_mode="PAY_PER_REQUEST", |
72 | 87 | tags={
|
73 |
| - "Environment": "dev", |
| 88 | + "Environment": environment, |
74 | 89 | "Created_By": "Pulumi"
|
75 | 90 | }
|
76 | 91 | )
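Review bot: `dynamodb_table` is read at new lines 55–56 inside the policy document, but its only visible assignment is at new line 71, so unless the name is also bound in a part of the file not shown here, the program raises NameError before any resource is registered. Move the `aws.dynamodb.Table(...)` block above `dynamodb_policy`. The second Resource entry, `pulumi.Output.format("{}/*",dynamodb_table.arn)`, extends the grant to every sub-resource under the table, although the table in the second hunk declares no index; drop it until an index exists, or narrow it to `pulumi.Output.format("{}/index/*", dynamodb_table.arn)`. The action list also grows from `dynamodb:Scan` to full read/write, so confirm that the functions using this role need `dynamodb:DeleteItem` and `dynamodb:UpdateItem`, and remove any they do not.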
|
|