diff --git a/samtranslator/policy_templates_data/policy_templates.json b/samtranslator/policy_templates_data/policy_templates.json
index f44f171ad6..322cb8ff8c 100644
--- a/samtranslator/policy_templates_data/policy_templates.json
+++ b/samtranslator/policy_templates_data/policy_templates.json
@@ -609,12 +609,11 @@
 "Action": [
 "dynamodb:DescribeStream",
 "dynamodb:GetRecords",
- "dynamodb:GetShardIterator",
- "dynamodb:ListStreams"
+ "dynamodb:GetShardIterator"
 ],
 "Resource": {
 "Fn::Sub": [
- "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/${streamName}",
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/${streamName}",
 {
 "tableName": {
 "Ref": "TableName"
@@ -625,6 +624,22 @@
 }
 ]
 }
+ },
+ {
+ "Effect": "Allow",
+ "Action": [
+ "dynamodb:ListStreams"
+ ],
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/*",
+ {
+ "tableName": {
+ "Ref": "TableName"
+ }
+ }
+ ]
+ }
 }
 ]
 }
diff --git a/tests/translator/output/all_policy_templates.json b/tests/translator/output/all_policy_templates.json
index 7d2c5eb01b..378afda564 100644
--- a/tests/translator/output/all_policy_templates.json
+++ b/tests/translator/output/all_policy_templates.json
@@ -468,12 +468,11 @@
 "Action": [
 "dynamodb:DescribeStream",
 "dynamodb:GetRecords",
- "dynamodb:GetShardIterator",
- "dynamodb:ListStreams"
+ "dynamodb:GetShardIterator"
 ],
 "Resource": {
 "Fn::Sub": [
- "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/${streamName}",
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/${streamName}",
 {
 "streamName": "name",
 "tableName": "name"
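Review bot: In policy_templates.json, the corrected resource `table/${tableName}/stream/${streamName}` changes what a caller has to pass as `StreamName`: any template that worked around the old ARN by passing `stream/<label>` will now render `stream/stream/<label>`, which matches no stream, and the failure surfaces only as an access-denied error at runtime rather than at deploy time. The parameter's description (outside this hunk) should state that the value is the stream label alone, not the full stream ARN or a `stream/`-prefixed path, and the change should be called out in the release notes. Because `streamName` is substituted verbatim, a value of `*` widens this statement to every stream of the table, which is worth stating in the same description.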
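Review bot: The new `dynamodb:ListStreams` statement in policy_templates.json is scoped to `table/${tableName}/stream/*`, and nothing in this diff shows that ListStreams is authorized against a stream-level resource. If the action does not support resource-level permissions, the statement would match nothing and the call would be denied instead of narrowed, so this should be confirmed against the DynamoDB entry in the Service Authorization Reference or with a live call under the rendered policy. The fixtures updated in this commit only compare rendered JSON and would not catch that.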
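Review bot: The expected output in tests/translator/output/all_policy_templates.json renders both substitutions as the same value (`"streamName": "name", "tableName": "name"`), so the fixture cannot show whether `tableName` and `streamName` in the `Fn::Sub` map are bound to the right template parameters. Distinct values in the input template (not visible in this diff) would make the regenerated outputs a real check on the ARN fix. The same holds for the aws-cn and aws-us-gov fixtures that follow.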
@@ -481,6 +480,20 @@
 ]
 },
 "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "dynamodb:ListStreams"
+ ],
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/*",
+ {
+ "tableName": "name"
+ }
+ ]
+ },
+ "Effect": "Allow"
 }
 ]
 }
diff --git a/tests/translator/output/aws-cn/all_policy_templates.json b/tests/translator/output/aws-cn/all_policy_templates.json
index 348e296004..4ca463fcbb 100644
--- a/tests/translator/output/aws-cn/all_policy_templates.json
+++ b/tests/translator/output/aws-cn/all_policy_templates.json
@@ -467,12 +467,11 @@
 "Action": [
 "dynamodb:DescribeStream",
 "dynamodb:GetRecords",
- "dynamodb:GetShardIterator",
- "dynamodb:ListStreams"
+ "dynamodb:GetShardIterator"
 ],
 "Resource": {
 "Fn::Sub": [
- "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/${streamName}",
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/${streamName}",
 {
 "streamName": "name",
 "tableName": "name"
@@ -480,6 +479,20 @@
 ]
 },
 "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "dynamodb:ListStreams"
+ ],
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/*",
+ {
+ "tableName": "name"
+ }
+ ]
+ },
+ "Effect": "Allow"
 }
 ]
 }
diff --git a/tests/translator/output/aws-us-gov/all_policy_templates.json b/tests/translator/output/aws-us-gov/all_policy_templates.json
index c46e42d2a5..9322a6bd57 100644
--- a/tests/translator/output/aws-us-gov/all_policy_templates.json
+++ b/tests/translator/output/aws-us-gov/all_policy_templates.json
@@ -467,12 +467,11 @@
 "Action": [
 "dynamodb:DescribeStream",
 "dynamodb:GetRecords",
- "dynamodb:GetShardIterator",
- "dynamodb:ListStreams"
+ "dynamodb:GetShardIterator"
 ],
 "Resource": {
 "Fn::Sub": [
- "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/${streamName}",
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/${streamName}",
 {
 "streamName": "name",
 "tableName": "name"
@@ -480,6 +479,20 @@
 ]
 },
 "Effect": "Allow"
+ },
+ {
+ "Action": [
+ "dynamodb:ListStreams"
+ ],
+ "Resource": {
+ "Fn::Sub": [
+ "arn:${AWS::Partition}:dynamodb:${AWS::Region}:${AWS::AccountId}:table/${tableName}/stream/*",
+ {
+ "tableName": "name"
+ }
+ ]
+ },
+ "Effect": "Allow"
 }
 ]
 }