From eda49f9c77ab908eed66dc0b32c0a3283fc97bcf Mon Sep 17 00:00:00 2001
From: Jye Cusch <jye.cusch@nitric.io>
Date: Tue, 27 Feb 2024 21:29:51 +1100
Subject: [PATCH] add scan permission for kv read

required to allow 'keys' method to scan for keys
---
 cloud/aws/deploy/policy.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cloud/aws/deploy/policy.go b/cloud/aws/deploy/policy.go
index efa196fc6..36ad1df0c 100644
--- a/cloud/aws/deploy/policy.go
+++ b/cloud/aws/deploy/policy.go
@@ -58,6 +58,7 @@ var awsActionsMap map[resourcespb.Action][]string = map[resourcespb.Action][]str
 	resourcespb.Action_KeyValueStoreRead: {
 		"dynamodb:GetItem",
 		"dynamodb:BatchGetItem",
+		"dynamodb:Scan", // required to scan keys
 	},
 	resourcespb.Action_KeyValueStoreWrite: {
 		"dynamodb:UpdateItem",