
@andrisro
Created May 14, 2019 18:49
fullaccessdynamodb terraform lambda
# TODO: the policies defined here still have to be restricted afterwards (least privilege)!
# DynamoDB table keyed by a single string hash key, with fixed provisioned throughput.
# NOTE(review): no server_side_encryption or point_in_time_recovery block is set here,
# so the service/provider defaults apply - confirm they are acceptable for the data stored.
resource "aws_dynamodb_table" "documents_upload_table" {
  name     = "${local.documents_upload_db_name}"
  hash_key = "HASHKEYNAME"

  # Only the key attribute is declared; "S" marks it as a string.
  attribute {
    name = "HASHKEYNAME"
    type = "S"
  }

  # One read and one write capacity unit, billed as provisioned throughput.
  billing_mode   = "PROVISIONED"
  read_capacity  = 1
  write_capacity = 1
}
# Attaches the DynamoDB policy to the role referenced as lambda_service_role
# (declared outside this snippet). Everything that assumes this role receives
# the permissions listed in the policy document.
resource "aws_iam_role_policy_attachment" "dynamodbs_full_access" {
  policy_arn = "${aws_iam_policy.dynamodbs_full_access.arn}"
  role       = "${aws_iam_role.lambda_service_role.name}"
}
# Managed IAM policy whose name is prefixed with the environment and whose JSON body
# is rendered from the aws_iam_policy_document data source of the same name.
resource "aws_iam_policy" "dynamodbs_full_access" {
  policy = "${data.aws_iam_policy_document.dynamodbs_full_access.json}"
  name   = "${local.env}-dynamodbs_full_access_policy"
}
# See https://www.terraform.io/docs/providers/aws/d/iam_policy_document.html
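# Policy document that allows DynamoDB (and DAX) actions on one table.
# NOTE(review): "dynamodb:*" covers table administration (e.g. deleting the table) as
# well as item reads and writes. Narrow it to the calls the function really makes, for
# example "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query".
# NOTE(review): "dax:*" addresses DAX clusters, so scoped to a table ARN it most likely
# grants nothing - confirm, and drop it if DAX is not used.
data "aws_iam_policy_document" "dynamodbs_full_access" {
  statement {
    effect = "Allow"

    actions = [
      "dynamodb:*",
      "dax:*",
    ]

    # Scoped to the table declared in this file. The original referenced the placeholder
    # YOURTABLE, which is not a declared resource, and left this list unclosed.
    # Swap in another table's ARN if the role should reach a different table.
    resources = [
      "${aws_dynamodb_table.documents_upload_table.arn}",
    ]
  }
}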