1 Answer
- Newest
- Most votes
- Most comments
1
That is the current expected behavior:
-
BatchGetItem
-
GetRecords
-
GetShardIterator
-
Query
-
GetItem
-
Scan
-
BatchWriteItem
-
PutItem
-
UpdateItem
-
DeleteItem
Whereas grantFullAccess simply allows all: Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.
In order to allow PartiQL operations you can do the following:
table.grant(my_lambda, 'dynamodb:PartiQLSelect');
Moreover, you can contribute to CDK to make amends as it is open source, or simply create a feature request on the GitHub: https://github.com/aws/aws-cdk
Relevant content
- Accepted Answerasked a year ago
- Accepted Answerasked 4 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 2 months ago
- What's the difference between Lambda function execution role permissions and invocation permissions?AWS OFFICIALUpdated 3 years ago
- AWS OFFICIALUpdated 3 years ago