Make preprod same as prod (#434)

Karthikeyannhs · web-flow · commit 501e5c4c311a · 2025-10-15T12:15:49.000+01:00
* preprod permissions

* fix remove poetry dependency in preprod step
diff --git a/.github/workflows/base-deploy.yml b/.github/workflows/base-deploy.yml
@@ -241,7 +241,9 @@ jobs:
           INPUT_RELEASE_TYPE: ${{ inputs.release_type }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_REPOSITORY: ${{ github.repository }}
-        run: poetry run python scripts/workflow/tag_and_release.py
+        run: |
+          pip install requests
+          python scripts/workflow/tag_and_release.py
 
 
   regression-tests:
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -100,6 +100,7 @@ resource "aws_iam_policy" "dynamodb_management" {
             "dynamodb:DescribeTimeToLive",
             "dynamodb:DescribeTable",
             "dynamodb:DescribeContinuousBackups",
+            "dynamodb:UpdateContinuousBackups",
             "dynamodb:ListTables",
             "dynamodb:DeleteTable",
             "dynamodb:CreateTable",
diff --git a/infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf b/infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf
@@ -38,6 +38,7 @@ data "aws_iam_policy_document" "permissions_boundary" {
       "dynamodb:UntagResource",
       "dynamodb:ListTagsOfResource",
       "dynamodb:UpdateTable",
+      "dynamodb:UpdateContinuousBackups",
 
       # EC2 - networking infrastructure
       "ec2:Describe*",
