const limitedReadAccessPolicy = createPolicy(
"product-table-read-access",
allow(
["dynamodb:Get*", "dynamodb:Query"],
[table.arn, interpolate`${table.arn}/index/*`]
)
);
vs resource "aws_iam_policy" "product_read_access" {
name = "madu_${var.env_name}_product_read"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:Get*",
"dynamodb:Query"
],
"Effect": "Allow",
"Resource": [
"${aws_dynamodb_table.products.arn}",
"${aws_dynamodb_table.products.arn}/index/*"
]
}
]
}
EOF
}