[PRMP-1587] - Remove DeleteItem and BatchWriteItem from iam policy

MohammadIqbalAD-NHS · MohammadIqbalAD-NHS · commit b79cd80b9bf5 · 2025-03-10T14:38:57.000Z
diff --git a/infrastructure/modules/dynamo_db/main.tf b/infrastructure/modules/dynamo_db/main.tf
@@ -122,13 +122,11 @@ data "aws_iam_policy_document" "dynamodb_write_policy" {
   }
 }
 
-data "aws_iam_policy_document" "dynamodb_write_without_update_policy" {
+data "aws_iam_policy_document" "dynamodb_put_item_policy" {
   statement {
     effect = "Allow"
     actions = [
-      "dynamodb:PutItem",
-      "dynamodb:DeleteItem",
-      "dynamodb:BatchWriteItem"
+      "dynamodb:PutItem"
     ]
     resources = [
       aws_dynamodb_table.ndr_dynamodb_table.arn,

Original file line number	Diff line number	Diff line change
`@@ -122,13 +122,11 @@ data "aws_iam_policy_document" "dynamodb_write_policy" {`
`122`	`122`	`}`
`123`	`123`	`}`
`124`	`124`
`125`		`-data "aws_iam_policy_document" "dynamodb_write_without_update_policy" {`
	`125`	`+data "aws_iam_policy_document" "dynamodb_put_item_policy" {`
`126`	`126`	`statement {`
`127`	`127`	`effect = "Allow"`
`128`	`128`	`actions = [`
`129`		`- "dynamodb:PutItem",`
`130`		`- "dynamodb:DeleteItem",`
`131`		`- "dynamodb:BatchWriteItem"`
	`129`	`+ "dynamodb:PutItem"`
`132`	`130`	`]`
`133`	`131`	`resources = [`
`134`	`132`	`aws_dynamodb_table.ndr_dynamodb_table.arn,`