Conditionalize DynamoDB access in document review modules for non-production environments

NogaNHS · NogaNHS · commit bb9111afa8be · 2025-11-19T14:44:22.000Z
Signed-off-by: NogaNHS &lt;127490765+NogaNHS@users.noreply.github.com&gt;
diff --git a/infrastructure/lambda-get-document-review.tf b/infrastructure/lambda-get-document-review.tf
@@ -6,7 +6,7 @@ module "get_document_review_lambda" {
     module.ndr-app-config.app_config_policy,
     module.cloudfront_edge_dynamodb_table.dynamodb_read_policy_document,
     module.cloudfront_edge_dynamodb_table.dynamodb_write_policy_document,
-    module.document_review_dynamodb_table.dynamodb_read_policy_document,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy
   ]
 
@@ -21,7 +21,7 @@ module "get_document_review_lambda" {
     APPCONFIG_APPLICATION         = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT         = module.ndr-app-config.app_config_environment_id
     APPCONFIG_CONFIGURATION       = module.ndr-app-config.app_config_configuration_profile_id
-    DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_review_dynamodb_table.table_name
+    DOCUMENT_REVIEW_DYNAMODB_NAME = local.is_production ? "" : module.document_review_dynamodb_table[0].table_name
     EDGE_REFERENCE_TABLE          = module.cloudfront_edge_dynamodb_table.table_name
     CLOUDFRONT_URL                = module.cloudfront-distribution-lg.cloudfront_url
     PRESIGNED_ASSUME_ROLE         = aws_iam_role.get_document_review_presign.arn
diff --git a/infrastructure/lambda-patch-document-review.tf b/infrastructure/lambda-patch-document-review.tf
@@ -4,8 +4,8 @@ module "patch_document_review_lambda" {
   handler = "handlers.patch_document_review_handler.lambda_handler"
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
-    module.document_review_dynamodb_table.dynamodb_write_policy_document,
-    module.document_review_dynamodb_table.dynamodb_read_policy_document,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_write_policy_document,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy,
   ]
 
@@ -20,7 +20,7 @@ module "patch_document_review_lambda" {
     APPCONFIG_APPLICATION         = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT         = module.ndr-app-config.app_config_environment_id
     APPCONFIG_CONFIGURATION       = module.ndr-app-config.app_config_configuration_profile_id
-    DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_review_dynamodb_table.table_name
+    DOCUMENT_REVIEW_DYNAMODB_NAME = local.is_production ? "" : module.document_review_dynamodb_table[0].table_name
     WORKSPACE                     = terraform.workspace
   }
   depends_on = [
diff --git a/infrastructure/lambda-search-document-review.tf b/infrastructure/lambda-search-document-review.tf
@@ -4,7 +4,7 @@ module "search_document_review_lambda" {
   handler = "handlers.search_document_review_handler.lambda_handler"
   iam_role_policy_documents = [
     module.ndr-app-config.app_config_policy,
-    module.document_review_dynamodb_table.dynamodb_read_policy_document,
+    local.is_production ? "" : module.document_review_dynamodb_table[0].dynamodb_read_policy_document,
     aws_iam_policy.ssm_access_policy.policy
   ]
 
@@ -19,7 +19,7 @@ module "search_document_review_lambda" {
     APPCONFIG_APPLICATION         = module.ndr-app-config.app_config_application_id
     APPCONFIG_ENVIRONMENT         = module.ndr-app-config.app_config_environment_id
     APPCONFIG_CONFIGURATION       = module.ndr-app-config.app_config_configuration_profile_id
-    DOCUMENT_REVIEW_DYNAMODB_NAME = module.document_review_dynamodb_table.table_name
+    DOCUMENT_REVIEW_DYNAMODB_NAME = local.is_production ? "" : module.document_review_dynamodb_table[0].table_name
     WORKSPACE                     = terraform.workspace
 
 
