eli-417 permission for preprod db seeding (#322)

Karthikeyannhs · web-flow · commit 6fbb11208965 · 2025-09-01T15:14:41.000+01:00
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -117,7 +117,8 @@ resource "aws_iam_policy" "dynamodb_management" {
             "dynamodb:PutItem",
             "dynamodb:DeleteItem",
             "dynamodb:Scan",
-            "dynamodb:BatchWriteItem"
+            "dynamodb:BatchWriteItem",
+            "dynamodb:Query"
           ],
           Resource = [
             "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
diff --git a/infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf b/infrastructure/stacks/iams-developer-roles/iams_permissions_boundary.tf
@@ -244,7 +244,8 @@ data "aws_iam_policy_document" "permissions_boundary" {
         "dynamodb:PutItem",
         "dynamodb:DeleteItem",
         "dynamodb:Scan",
-        "dynamodb:BatchWriteItem"
+        "dynamodb:BatchWriteItem",
+        "dynamodb:Query"
       ]
       resources = ["*"]
     }

Original file line number	Diff line number	Diff line change
`@@ -244,7 +244,8 @@ data "aws_iam_policy_document" "permissions_boundary" {`
`244`	`244`	`"dynamodb:PutItem",`
`245`	`245`	`"dynamodb:DeleteItem",`
`246`	`246`	`"dynamodb:Scan",`
`247`		`- "dynamodb:BatchWriteItem"`
	`247`	`+ "dynamodb:BatchWriteItem",`
	`248`	`+ "dynamodb:Query"`
`248`	`249`	`]`
`249`	`250`	`resources = ["*"]`
`250`	`251`	`}`