Open nekvinder opened 2 years ago
After checking the corresponding function, I think that it will probably work if the following two actions are added. I will embark on this.
dynamodb:DescribeTable
dynamodb:UpdateTable
This issue was for the existing Table construct, which used custom resources to implement table replication. We no longer recommend the use of the Table construct.
Instead, the TableV2 construct has been released in 2.95.1 (#27023) which maps to the AWS::DynamoDB::GlobalTable resource, has better support for replication and does not suffer from the issue described here.
Be aware that there are additional deployment steps involved in a migration from Table to TableV2. You need to do a RETAIN deployment, a delete deployment, then change the code to use TableV2 and then use cdk import. A link to a full guide will be posted once it is available.
Here are some other resources to get you started (using CfnGlobalTable instead of TableV2) if you want to get going on the migration:
Describe the bug
AWS CDK's DynamoDB Table generated resources are not compliant with Security Hub policy IAM.21 - https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-iam-21
The CDK generates a policy with wildcard actions for dynamodb actions as dynamodb:*
The following is the related policy description: DynamoDB replication managed policy for table <table_name>
https://github.com/aws/aws-cdk/blob/75bfce70dbc57fe688c96b3c5cbb67fc4e6fcc56/packages/@aws-cdk/aws-dynamodb/lib/table.ts#L1579-L1583
Expected Behavior
The attached policies should describe each required action in them.
Current Behavior
The CDK generates a policy with wildcard actions for dynamodb actions as dynamodb:*
Reproduction Steps
Possible Solution
Put the exact actions required here.
https://github.com/aws/aws-cdk/blob/75bfce70dbc57fe688c96b3c5cbb67fc4e6fcc56/packages/@aws-cdk/aws-dynamodb/lib/table.ts#L1583
Additional Information/Context
No response
CDK CLI Version
2.20.0
Framework Version
No response
Node.js Version
14.19.1
OS
Ubuntu 22.04 LTS
Language
Typescript
Language Version
3.9.7
Other information
No response
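A check of the kind Security Hub IAM.21 performs, added here as an example and not aws-cdk code: it flags Allow statements whose Action is "*" or "service:*", run over a constructed policy mirroring the dynamodb:* replication policy described in the issue and over an explicit-action version that uses the two actions proposed in the thread (the table ARN and account id are placeholders, and the full action list a replication custom resource needs is not guessed).

```typescript
// Added example (not aws-cdk code): an IAM.21-style audit of a policy document.
type PolicyStatement = {
  Effect: "Allow" | "Deny";
  Action?: string | string[];
  Resource?: string | string[];
};
type PolicyDocument = { Version: string; Statement: PolicyStatement | PolicyStatement[] };

// Matches full service wildcards such as "dynamodb:*" or "execute-api:*".
const SERVICE_WILDCARD = /^[a-z0-9-]+:\*$/i;

// Returns every offending action found in Allow statements. As I read IAM.21,
// only full wildcards ("*", "service:*") fail the control; narrower globs such
// as "dynamodb:Describe*" do not, so they are deliberately not flagged here.
function findWildcardActions(doc: PolicyDocument): string[] {
  const statements = Array.isArray(doc.Statement) ? doc.Statement : [doc.Statement];
  const offending: string[] = [];
  for (const stmt of statements) {
    if (stmt.Effect !== "Allow" || stmt.Action === undefined) continue;
    const actions = Array.isArray(stmt.Action) ? stmt.Action : [stmt.Action];
    for (const action of actions) {
      if (action === "*" || SERVICE_WILDCARD.test(action)) offending.push(action);
    }
  }
  return offending;
}

// Constructed sample mirroring the shape described in the issue, not the literal
// generated output. Account id and table name are placeholders.
const wildcardReplicationPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{ Effect: "Allow", Action: "dynamodb:*",
                Resource: "arn:aws:dynamodb:*:111122223333:table/example-table" }],
};

// Same policy with explicit actions. The two actions named in the thread are
// included; the complete set must be derived from the calls the replication
// custom resource actually makes, so nothing beyond them is assumed here.
const explicitReplicationPolicy: PolicyDocument = {
  Version: "2012-10-17",
  Statement: [{
    Effect: "Allow",
    Action: ["dynamodb:DescribeTable", "dynamodb:UpdateTable"],
    Resource: "arn:aws:dynamodb:*:111122223333:table/example-table",
  }],
};

// findWildcardActions(wildcardReplicationPolicy) returns ["dynamodb:*"];
// findWildcardActions(explicitReplicationPolicy) returns [].
```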