Skip to content

Commit 4f71a17

Browse files
JohanZackrissonbrettstack
authored andcommitted
feat(policy-templates): add DynamoDBReconfigurePolicy (#615)
Add DynamoDBReconfigurePolicy, which grants the user access to dynamodb:UpdateTable https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_UpdateTable.html
1 parent 9a44d23 commit 4f71a17

File tree

5 files changed

+94
-0
lines changed

5 files changed

+94
-0
lines changed

samtranslator/policy_templates_data/policy_templates.json

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -177,6 +177,34 @@
177177
]
178178
}
179179
},
180+
"DynamoDBReconfigurePolicy": {
181+
"Description": "Gives access reconfigure to a DynamoDB Table",
182+
"Parameters": {
183+
"TableName": {
184+
"Description": "Name of the DynamoDB Table"
185+
}
186+
},
187+
"Definition": {
188+
"Statement": [
189+
{
190+
"Effect": "Allow",
191+
"Action": [
192+
"dynamodb:UpdateTable"
193+
],
194+
"Resource": {
195+
"Fn::Sub": [
196+
"arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}",
197+
{
198+
"tableName": {
199+
"Ref": "TableName"
200+
}
201+
}
202+
]
203+
}
204+
}
205+
]
206+
}
207+
},
180208
"SESSendBouncePolicy": {
181209
"Description": "Gives SendBounce permission to a SES identity",
182210
"Parameters": {

tests/translator/input/all_policy_templates.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -129,3 +129,6 @@ Resources:
129129
- CostExplorerReadOnlyPolicy: {}
130130

131131
- OrganizationsListAccountsPolicy: {}
132+
133+
- DynamoDBReconfigurePolicy:
134+
TableName: name

tests/translator/output/all_policy_templates.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1086,6 +1086,27 @@
10861086
}
10871087
]
10881088
}
1089+
},
1090+
{
1091+
"PolicyName": "KitchenSinkFunctionRolePolicy44",
1092+
"PolicyDocument": {
1093+
"Statement": [
1094+
{
1095+
"Action": [
1096+
"dynamodb:UpdateTable"
1097+
],
1098+
"Resource": {
1099+
"Fn::Sub": [
1100+
"arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}",
1101+
{
1102+
"tableName": "name"
1103+
}
1104+
]
1105+
},
1106+
"Effect": "Allow"
1107+
}
1108+
]
1109+
}
10891110
}
10901111
],
10911112
"AssumeRolePolicyDocument": {

tests/translator/output/aws-cn/all_policy_templates.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1085,6 +1085,27 @@
10851085
}
10861086
]
10871087
}
1088+
},
1089+
{
1090+
"PolicyName": "KitchenSinkFunctionRolePolicy44",
1091+
"PolicyDocument": {
1092+
"Statement": [
1093+
{
1094+
"Action": [
1095+
"dynamodb:UpdateTable"
1096+
],
1097+
"Resource": {
1098+
"Fn::Sub": [
1099+
"arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}",
1100+
{
1101+
"tableName": "name"
1102+
}
1103+
]
1104+
},
1105+
"Effect": "Allow"
1106+
}
1107+
]
1108+
}
10881109
}
10891110
],
10901111
"AssumeRolePolicyDocument": {

tests/translator/output/aws-us-gov/all_policy_templates.json

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1086,6 +1086,27 @@
10861086
}
10871087
]
10881088
}
1089+
},
1090+
{
1091+
"PolicyName": "KitchenSinkFunctionRolePolicy44",
1092+
"PolicyDocument": {
1093+
"Statement": [
1094+
{
1095+
"Action": [
1096+
"dynamodb:UpdateTable"
1097+
],
1098+
"Resource": {
1099+
"Fn::Sub": [
1100+
"arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}",
1101+
{
1102+
"tableName": "name"
1103+
}
1104+
]
1105+
},
1106+
"Effect": "Allow"
1107+
}
1108+
]
1109+
}
10891110
}
10901111
],
10911112
"AssumeRolePolicyDocument": {

0 commit comments

Comments
 (0)