From 0db4f28a16dff14e0a3f2d78576abecbad4d18fe Mon Sep 17 00:00:00 2001
From: Kris Bloe
Date: Tue, 2 Apr 2024 14:39:52 +0100
Subject: [PATCH] Added policy attachment for readin DynamoDB indexes
---
 terraform-db-roles/dynamodb.tf | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
diff --git a/terraform-db-roles/dynamodb.tf b/terraform-db-roles/dynamodb.tf
index ca3913b0..9e8dd235 100644
--- a/terraform-db-roles/dynamodb.tf
+++ b/terraform-db-roles/dynamodb.tf
@@ -22,3 +22,24 @@ resource "aws_iam_role_policy_attachment" "dynamodb_application_user_policy_atta
 role = "${var.environment}-${var.component_name}-EcsTaskRole"
 policy_arn = aws_iam_policy.ehr_transfer_tracker_db_access.arn
 }
+
+data "aws_iam_policy_document" "transfer_tracker_indexes_access" {
+ statement {
+ actions = [
+ "dynamodb:Query"
+ ]
+ resources = [
+ "arn:aws:dynamodb:${var.region}:${data.aws_caller_identity.current.account_id}:table/${var.environment}-ehr-transfer-tracker/index/*"
+ ]
+ }
+}
+
+resource "aws_iam_policy" "transfer_tracker_indexes_access" {
+ name = "${var.environment}-${var.component_name}-transfer-tracker-indexes-access"
+ policy = data.aws_iam_policy_document.transfer_tracker_indexes_access.json
+}
+
+resource "aws_iam_role_policy_attachment" "ecs_dynamo_indexes" {
+ role = "${var.environment}-${var.component_name}-EcsTaskRole"
+ policy_arn = aws_iam_policy.transfer_tracker_indexes_access.arn
+}
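Review bot: The resource ARN in `transfer_tracker_indexes_access` ends in `index/*`, so the ECS task role may Query every index on the table, including any index added later with a wider attribute projection. If the service reads only specific indexes, name them instead, e.g. `".../table/${var.environment}-ehr-transfer-tracker/index/<INDEX_NAME>"` (placeholder; the index names are not visible in this patch). The new attachment `ecs_dynamo_indexes` also refers to the role by an interpolated name string, as the existing attachment above it does, so Terraform has no dependency on the role resource and a misnamed role would surface only at apply time. A `sid` on the statement, such as `sid = "QueryTransferTrackerIndexes"`, would make the grant easier to locate in an IAM audit.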