From baeafa1e863a43b48ad4e987b9c10ad3e12343a3 Mon Sep 17 00:00:00 2001
From: Mark Woolley
Date: Fri, 1 Oct 2021 17:17:22 +0100
Subject: [PATCH 1/3] DynamoDB permissions fix
---
 aws/policy/data-services.yaml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
index 89ac38b1..551561f9 100644
--- a/aws/policy/data-services.yaml
+++ b/aws/policy/data-services.yaml
@@ -9,6 +9,7 @@ Statement:
 - dynamodb:Scan
 - dynamodb:ListTables
 - dynamodb:DescribeTable
+ - dynamodb:ListTagsOfResource
 - glue:GetConnection
 - glue:CreateConnection
 - glue:DeleteConnection
@@ -31,8 +32,6 @@ Statement:
 - dynamodb:DeleteTable
 - dynamodb:DescribeContinuousBackups
 - dynamodb:GetItem
- - dynamodb:ListTables
- - dynamodb:ListTagsOfResource
 - dynamodb:PutItem
 - dynamodb:TagResource
 - dynamodb:UntagResource
@@ -92,7 +91,7 @@ Statement:
 - rds:DeleteOptionGroup
 Resource:
 - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
- - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table/*'
+ - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:subnetgroup:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:parametergroup:*'
From 7aa342c762476ff5cf2ec8a809468136e566e7a5 Mon Sep 17 00:00:00 2001
From: Mark Woolley
Date: Fri, 1 Oct 2021 17:20:15 +0100
Subject: [PATCH 2/3] Update data-services.yaml
---
 aws/policy/data-services.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
index 551561f9..456398ff 100644
--- a/aws/policy/data-services.yaml
+++ b/aws/policy/data-services.yaml
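Review bot: `dynamodb:ListTagsOfResource` in the first hunk of PATCH 1/3 probably ends up more broadly scoped than before, because it now sits beside `dynamodb:ListTables` and `dynamodb:Scan` in a statement whose `Resource` is not visible in the hunk. `ListTables` has no resource type and needs `Resource: '*'`, but `ListTagsOfResource` is, as far as I know, evaluated against a table ARN, so under `table/*` it was limited to this account and region. If the move is needed for a caller that tags something other than a table in this region, a comment on the new line would record that, e.g. `# ListTagsOfResource kept here because <reason>; table/* was not sufficient`. The statement starts and ends outside the hunk, so its actual `Resource` should be checked before merging.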
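Review bot: The DynamoDB `Resource` entry in the last hunk of PATCH 1/3 is loosened to `table*`, then changed to `table:*` in PATCH 2/3 and restored to `table/*` in PATCH 3/3, so the series leaves that line unchanged but passes through two intermediate patterns. DynamoDB table ARNs have the form `table/<name>`, so `table:*` in 2/3 matches no table and this statement would grant none of its table-scoped actions at that commit. `table*` matches the same ARNs as `table/*` but hides the separator. Squashing the three patches would leave only the action move and keep every commit deployable. A comment above the line, `# DynamoDB ARNs use 'table/<name>' (slash), unlike the ':'-separated entries below`, would stop the next edit repeating the mistake.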
@@ -91,7 +91,7 @@ Statement:
 - rds:DeleteOptionGroup
 Resource:
 - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
- - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table*'
+ - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:subnetgroup:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:parametergroup:*'
From 47b7458f9a432cac339585f94c4459e6101b9501 Mon Sep 17 00:00:00 2001
From: Mark Woolley
Date: Fri, 1 Oct 2021 17:32:00 +0100
Subject: [PATCH 3/3] revert tweak
---
 aws/policy/data-services.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aws/policy/data-services.yaml b/aws/policy/data-services.yaml
index 456398ff..3353282b 100644
--- a/aws/policy/data-services.yaml
+++ b/aws/policy/data-services.yaml
@@ -91,7 +91,7 @@ Statement:
 - rds:DeleteOptionGroup
 Resource:
 - 'arn:aws:dms:{{ aws_region }}:{{ aws_account_id }}:subgrp:*'
- - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table:*'
+ - 'arn:aws:dynamodb:{{ aws_region }}:{{ aws_account_id }}:table/*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:cluster:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:subnetgroup:*'
 - 'arn:aws:elasticache:{{ aws_region }}:{{ aws_account_id }}:parametergroup:*'