Adding IAM permissions

chanzuckerberg · Mar 30, 2023 · 0505f4e · 0505f4e
1 parent 5d23acc
commit 0505f4e
Showing 1 changed file with 17 additions and 3 deletions.
diff --git a/.happy/terraform/modules/ecs-stack/main.tf b/.happy/terraform/modules/ecs-stack/main.tf
@@ -176,11 +176,11 @@ module plugin_dynamodb_table {
                           },
                           {
                             name = "is_latest"
-                            type = "S"
+                            type = "S" #terraform only supports String, Number or Binary for primary key attribute
                           },
                           {
                             name = "excluded"
-                            type = "S" #primary key attribute must be a String, Number or Binary. So this is set to S.
+                            type = "S"
                           }
                         ]
 
@@ -453,6 +453,8 @@ data aws_iam_policy_document backend_policy {
       module.install_dynamodb_table.table_arn,
       module.github_dynamodb_table.table_arn,
       module.category_dynamodb_table.table_arn,
+      module.plugin_dynamodb_table.table_arn,
+      module.plugin_blocked_dynamodb_table.table_arn
     ]
   }
 
@@ -473,7 +475,11 @@ data aws_iam_policy_document data_workflows_policy {
       "dynamodb:Query",
       "dynamodb:BatchWriteItem",
     ]
-    resources = [module.install_dynamodb_table.table_arn]
+    resources = [
+      module.install_dynamodb_table.table_arn,
+      module.plugin_dynamodb_table.table_arn,
+      module.plugin_blocked_dynamodb_table.table_arn
+    ]
   }
   statement {
     actions = [
@@ -509,6 +515,14 @@ data aws_iam_policy_document plugins_policy {
 
     resources = ["${local.data_bucket_arn}"]
   }
+
+  statement {
+    actions = [
+      "dynamodb:Query",
+      "dynamodb:PutItem",
+    ]
+    resources = [module.plugin_dynamodb_table.table_arn]
+  }
 }
 
 data aws_iam_policy_document data_workflows_sqs_policy {