Merge pull request #6684 from guardian/payment-api-supporter-product-…

…data-permissions PROD payment api needs to be able to write to CODE SupporterProductData dynamo table for test users
guardian · Jan 13, 2025 · 8061374 · 8061374
2 parents 9e76176 + 00c0c72
commit 8061374
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 4 deletions.
diff --git a/cdk/lib/__snapshots__/payment-api.test.ts.snap b/cdk/lib/__snapshots__/payment-api.test.ts.snap
diff --git a/cdk/lib/payment-api.ts b/cdk/lib/payment-api.ts
@@ -122,9 +122,13 @@ export class PaymentApi extends GuStack {
               "dynamodb:Query",
               "dynamodb:DescribeTable",
             ],
-            resources: [
-              `arn:aws:dynamodb:*:*:table/SupporterProductData-${this.stage}`,
-            ],
+            resources:
+              this.stage === "PROD"
+                ? [
+                    "arn:aws:dynamodb:*:*:table/SupporterProductData-PROD",
+                    "arn:aws:dynamodb:*:*:table/SupporterProductData-CODE",
+                  ]
+                : ["arn:aws:dynamodb:*:*:table/SupporterProductData-CODE"],
           }),
 
           new GuAllowPolicy(this, "CloudwatchLogs", {