0

I am new to Terraform and also CDKTF. I have worked with “regular” AWS CDK.

In AWS CDK you have methods like `grantReadWriteData` (IAM principal example). E.g. if you have a DynamoDB table where you want to give a Lambda function read/write permissions, you can call something like this: `table.grantReadWriteData(postFunction);`

Does anything like this exist in CDKTF, or do we have to write those policy statements ourselves and add them to a Lambda function role?

I can't find much documentation in Terraform for this.

Ali Khalil

2 Answers

1

There isn't anything like that in terms of a fluent interface for libraries generated from a provider or module, but I would definitely recommend looking into iam-floyd for a similar type of fluent interface.

Eric Tucker
1

A function like `table.grantReadWriteData(postFunction);` uses an AWS CDK L2 Construct Library method to help you generate an IAM policy and attach the policy to the Lambda function's execution role.

The L2 construct library for CDKTF is not yet widespread, so you need to define the permissions this way.

And if you want to use CDKTF to deploy/manage AWS resources, maybe you can take a look at https://www.terraform.io/cdktf/create-and-deploy/aws-adapter.

Neil Kuan
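What writing the policy statements yourself can look like, as an added example that is not from either answer and not part of CDKTF or AWS CDK: a small helper that builds a table-scoped IAM policy document for a Lambda execution role. The helper name `dynamoGrantPolicy`, the action lists (modeled on AWS CDK's table grants, so check them against your CDK version) and the sample ARN in the comments are assumptions.

```typescript
// Added example: `dynamoGrantPolicy` is a hypothetical helper, not a CDKTF or AWS CDK API.
type Access = "read" | "write" | "readwrite";

interface PolicyStatement {
  Effect: "Allow";
  Action: string[];
  Resource: string[];
}

interface PolicyDocument {
  Version: "2012-10-17";
  Statement: PolicyStatement[];
}

// Assumption: action lists modeled on what AWS CDK's table grant methods allow.
const READ_ACTIONS: string[] = [
  "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:DescribeTable",
  "dynamodb:GetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator",
  "dynamodb:Query", "dynamodb:Scan",
];
const WRITE_ACTIONS: string[] = [
  "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable",
  "dynamodb:PutItem", "dynamodb:UpdateItem",
];

function dynamoGrantPolicy(tableArn: string, access: Access, includeIndexes: boolean = false): PolicyDocument {
  // Refuse empty or wildcard resources so the grant stays scoped to one table.
  if (tableArn.trim() === "" || tableArn.indexOf("*") !== -1) {
    throw new Error("tableArn must reference a single table, not a wildcard");
  }
  const wanted: string[] = [];
  if (access !== "write") wanted.push(...READ_ACTIONS);
  if (access !== "read") wanted.push(...WRITE_ACTIONS);
  // De-duplicate (DescribeTable is in both lists) and sort for stable plan diffs.
  const actions = wanted.filter((a, i, all) => all.indexOf(a) === i).sort();
  const resources = [tableArn];
  // Secondary indexes have their own ARNs; grant them only when asked.
  if (includeIndexes) resources.push(tableArn + "/index/*");
  return { Version: "2012-10-17", Statement: [{ Effect: "Allow", Action: actions, Resource: resources }] };
}

// In a CDKTF stack (assumes @cdktf/provider-aws; `table` and `role` are your own resources):
//   new IamRolePolicy(this, "post-fn-ddb", {
//     role: role.name,
//     policy: JSON.stringify(dynamoGrantPolicy(table.arn, "readwrite")),
//   });
```

Passing `table.arn` works because CDKTF resolves the token inside the stringified policy at synth time, so the resource stays bound to that one table rather than a hand-typed ARN.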