VED-726: Apply consistent permissions for the DPS account in all environments. (#740)

mfjarvis · mfjarvis · commit 5312d5bcbddb · 2025-08-15T15:24:27.000+01:00
diff --git a/terraform/dps_role_creation.tf b/terraform/dps_role_creation.tf
@@ -22,14 +22,9 @@ resource "aws_iam_role_policy" "dynamo_s3_access_policy" {
     Statement = [
       {
         Effect = "Allow",
-        Action = var.environment == "prod" ? [
-          "dynamodb:GetItem",
-          "dynamodb:Query"
-          ] : [
+        Action = [
           "dynamodb:BatchGetItem",
           "dynamodb:GetItem",
-          "dynamodb:PutItem",
-          "dynamodb:UpdateItem",
           "dynamodb:Query"
         ],
         Resource = [
