Add missing permissions to read and write to table

kris-szlapa · kris-szlapa · commit 2de87f2e0c0f · 2025-08-15T09:00:59.000Z
diff --git a/packages/cdk/resources/IamResources.ts b/packages/cdk/resources/IamResources.ts
@@ -154,18 +154,23 @@ export class IamResources extends Construct {
       actions: [
         "dynamodb:GetItem",
         "dynamodb:PutItem",
-        "dynamodb:UpdateItem",
         "dynamodb:DeleteItem",
         "dynamodb:Query",
-        "dynamodb:Scan"
+        "dynamodb:Scan",
+        "dynamodb:BatchGetItem",
+        "dynamodb:BatchWriteItem",
+        "dynamodb:UpdateItem"
       ],
       resources: [props.slackBotStateTableArn]
     })
 
     const slackBotKmsPolicy = new PolicyStatement({
       actions: [
+        "kms:Encrypt",
         "kms:Decrypt",
-        "kms:GenerateDataKey"
+        "kms:ReEncrypt*",
+        "kms:GenerateDataKey*",
+        "kms:DescribeKey"
       ],
       resources: [props.slackBotStateTableKmsKeyArn]
     })
