AWS CDK Grant Lambda DynamoDB FullAccess

Question

I have a lambda which I want to be able to create dynamo db tables (not just access but also create tables with dynamic names).

const lambdaA = new lambda.Function(this, 'lambda-a', {
  functionName: 'lambda-a',
  memorySize: 256,
  runtime: lambda.Runtime.NODEJS_12_X,
  handler: 'index.handler',
  code: lambda.Code.fromAsset(path.join(require.resolve('/lambda-a'), '..')),
});

How can I do this with AWS CDK?

I guess I need to somehow add the policy AmazonDynamoDBFullAccess (or some other policy to allow creating tables) to the lambda's execution role.

maafk maafk · Accepted Answer · 2020-12-03T02:14:47

Can do something like this

const lambdaARole = new iam.Role(this, 'LambdaRole', {
  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
});

lambdaARole.addManagedPolicy(
  ManagedPolicy.fromAwsManagedPolicyName('AmazonDynamoDBFullAccess')
);

const lambdaA = new lambda.Function(this, 'lambda-a', {
  functionName: 'lambda-a',
  memorySize: 256,
  runtime: lambda.Runtime.NODEJS_12_X,
  handler: 'index.handler',
  code: lambda.Code.fromAsset(path.join(require.resolve('/lambda-a'), '..')),
  role: lambdaARole,
});

AWS CDK Grant Lambda DynamoDB FullAccess

1 Answers