Merge pull request #401 from NHSDigital/bugfix/eja-add-dynamo-update-permission-for-github

bugfix - adding dynamoDB UpdateTable permissions to the Github OID role, to unblock dev deployments

Author: eddalmond1

infrastructure/stacks/iams-developer-roles/github_actions_policies.tf

@@ -105,6 +105,7 @@ resource "aws_iam_policy" "dynamodb_management" {
             "dynamodb:CreateTable",
             "dynamodb:TagResource",
             "dynamodb:ListTagsOfResource",
+            "dynamodb:UpdateTable",
           ],
           Resource = [
             "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"

infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf

@@ -36,6 +36,7 @@ data "aws_iam_policy_document" "permissions_boundary" {
       "dynamodb:CreateTable",
       "dynamodb:TagResource",
       "dynamodb:ListTagsOfResource",
+      "dynamodb:UpdateTable",
 
       # EC2 - networking infrastructure
       "ec2:Describe*",