getlift / lift

Expanding Serverless Framework beyond functions using the AWS CDK
MIT License
916 stars 113 forks

DynamoDB IAM policy doesn't include `dynamodb:ConditionCheck` #339

Closed. cmcnicholas closed this issue 1 year ago

cmcnicholas commented 1 year ago

I noticed whilst deploying recently that a feature I was using for DynamoDB, ConditionCheck for write transactions, is not allowed out of the box with Lift. I can't see any documentation as to why this is the case and believe it is an oversight, as it is a useful feature when writing transacted statements with DynamoDB; see this AWS article for details:

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/transaction-apis-iam.html

The offending line is: https://github.com/getlift/lift/blob/71b15804ec24bceda35e8a1cf6fe48f2c32567eb/src/constructs/aws/DatabaseDynamoDBSingleTable.ts#LL88C29-L88C29

I believe simply adding "dynamodb:ConditionCheckItem" would enable this feature without having to modify the default permissions manually.
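As an added example (not code from the Lift project or from the issue author), the TypeScript below maps each operation in a DynamoDB `TransactWriteItems` request to the IAM action that authorises it, following the AWS page linked above, and reports which (table, action) pairs a policy fails to grant. It shows why a transaction containing a `ConditionCheck` is rejected by a policy that only covers `PutItem`/`UpdateItem`/`DeleteItem`, and passes once `dynamodb:ConditionCheckItem` is added. The table name, account/region in the ARN, the sample transaction and both policies are constructed for illustration; the "before" policy is shaped like the problem described in the issue, not copied from Lift's actual statement.

```typescript
// Added example, not Lift project code: derive the IAM actions a DynamoDB
// TransactWriteItems request needs and check them against an IAM policy.
// Action names follow the AWS transaction/IAM docs linked in the issue.
// Table name, ARN, sample request and policies are constructed.

type TransactWriteItem =
  | { Put: { TableName: string; Item: Record<string, unknown>; ConditionExpression?: string } }
  | { Update: { TableName: string; Key: Record<string, unknown>; UpdateExpression: string; ConditionExpression?: string } }
  | { Delete: { TableName: string; Key: Record<string, unknown>; ConditionExpression?: string } }
  | { ConditionCheck: { TableName: string; Key: Record<string, unknown>; ConditionExpression: string } };

type Op = { TableName: string };

/** IAM action that authorises each TransactWriteItems operation kind. */
const TRANSACT_WRITE_ACTIONS: Record<string, string> = {
  Put: "dynamodb:PutItem",
  Update: "dynamodb:UpdateItem",
  Delete: "dynamodb:DeleteItem",
  ConditionCheck: "dynamodb:ConditionCheckItem", // the one the issue says is missing
};

export interface Permission { table: string; action: string }

/** Distinct (table, action) pairs a transaction needs, sorted for stable output. */
export function requiredPermissions(items: TransactWriteItem[]): Permission[] {
  const seen = new Map<string, Permission>();
  for (const item of items) {
    const kind = Object.keys(item)[0];
    const action = TRANSACT_WRITE_ACTIONS[kind];
    if (!action) throw new Error(`unknown TransactWriteItems operation: ${kind}`);
    const table = (item as Record<string, Op>)[kind].TableName;
    seen.set(`${table}|${action}`, { table, action });
  }
  return [...seen.keys()].sort().map((k) => seen.get(k)!);
}

export interface PolicyStatement { Effect: "Allow" | "Deny"; Action: string[]; Resource: string[] }

/** IAM-style wildcard match: '*' matches any run of characters. */
function matches(pattern: string, value: string): boolean {
  const parts = pattern.split("*").map((p) => p.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  return new RegExp("^" + parts.join(".*") + "$").test(value);
}

function statementCovers(s: PolicyStatement, action: string, arn: string): boolean {
  return s.Action.some((a) => matches(a, action)) && s.Resource.some((r) => matches(r, arn));
}

/** Needed permissions the policy does not grant (an explicit Deny always wins). */
export function missingPermissions(
  needed: Permission[], statements: PolicyStatement[], arnOf: (table: string) => string,
): Permission[] {
  return needed.filter(({ table, action }) => {
    const arn = arnOf(table);
    const denied = statements.some((s) => s.Effect === "Deny" && statementCovers(s, action, arn));
    const allowed = statements.some((s) => s.Effect === "Allow" && statementCovers(s, action, arn));
    return denied || !allowed;
  });
}

// ---- constructed sample data ----
const TABLE = "app-table"; // hypothetical single-table name
const arnOf = (table: string) => `arn:aws:dynamodb:us-east-1:123456789012:table/${table}`; // constructed account/region

// Create an order only if the customer profile exists and the order id is free.
export const sampleTransaction: TransactWriteItem[] = [
  { ConditionCheck: { TableName: TABLE, Key: { PK: "CUSTOMER#42", SK: "PROFILE" }, ConditionExpression: "attribute_exists(PK)" } },
  { Put: { TableName: TABLE, Item: { PK: "CUSTOMER#42", SK: "ORDER#1001", total: 99 }, ConditionExpression: "attribute_not_exists(SK)" } },
];

// Shaped like the problem in the issue: write actions granted, ConditionCheckItem absent (not Lift's exact list).
export const policyBefore: PolicyStatement[] = [
  { Effect: "Allow", Action: ["dynamodb:GetItem", "dynamodb:Query", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"], Resource: [arnOf(TABLE)] },
];

// Same policy with the action the issue proposes adding.
export const policyAfter: PolicyStatement[] = [
  { ...policyBefore[0], Action: [...policyBefore[0].Action, "dynamodb:ConditionCheckItem"] },
];

export function missingBefore(): Permission[] {
  return missingPermissions(requiredPermissions(sampleTransaction), policyBefore, arnOf);
}
export function missingAfter(): Permission[] {
  return missingPermissions(requiredPermissions(sampleTransaction), policyAfter, arnOf);
}
```

With `policyBefore` the check reports exactly one gap, `dynamodb:ConditionCheckItem` on the table; with `policyAfter` it reports none. The resource match matters in practice because a transaction may touch several tables and every table needs both its action and its ARN covered.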