[ELI-731] adding region to arn

TOEL2 · TOEL2 · commit 17fcad95568e · 2026-04-22T08:56:29.000+01:00
diff --git a/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf b/infrastructure/stacks/iams-developer-roles/github_actions_policies.tf
@@ -181,7 +181,7 @@ resource "aws_iam_policy" "dynamodb_management" {
             "dynamodb:UpdateTable",
           ],
           Resource = [
-            "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
+            "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
           ]
         },
 
@@ -218,7 +218,7 @@ resource "aws_iam_policy" "dynamodb_management" {
             "dynamodb:Query"
           ],
           Resource = [
-            "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
+            "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
           ]
         }
       ] : []
@@ -843,7 +843,7 @@ data "aws_iam_policy_document" "regression_test_permissions" {
       "dynamodb:ListTagsOfResource"
     ]
     resources = [
-      "arn:aws:dynamodb:*:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
+      "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"
     ]
   }
 

Original file line number	Diff line number	Diff line change
`@@ -181,7 +181,7 @@ resource "aws_iam_policy" "dynamodb_management" {`
`181`	`181`	`"dynamodb:UpdateTable",`
`182`	`182`	`],`
`183`	`183`	`Resource = [`
`184`		`- "arn:aws:dynamodb::${data.aws_caller_identity.current.account_id}:table/eligibility-signposting-api-${var.environment}-eligibility_datastore"`
	`184`	`+ "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"`
`185`	`185`	`]`
`186`	`186`	`},`
`187`	`187`
`@@ -218,7 +218,7 @@ resource "aws_iam_policy" "dynamodb_management" {`
`218`	`218`	`"dynamodb:Query"`
`219`	`219`	`],`
`220`	`220`	`Resource = [`
`221`		`- "arn:aws:dynamodb::${data.aws_caller_identity.current.account_id}:table/eligibility-signposting-api-${var.environment}-eligibility_datastore"`
	`221`	`+ "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"`
`222`	`222`	`]`
`223`	`223`	`}`
`224`	`224`	`] : []`
`@@ -843,7 +843,7 @@ data "aws_iam_policy_document" "regression_test_permissions" {`
`843`	`843`	`"dynamodb:ListTagsOfResource"`
`844`	`844`	`]`
`845`	`845`	`resources = [`
`846`		`- "arn:aws:dynamodb::${data.aws_caller_identity.current.account_id}:table/eligibility-signposting-api-${var.environment}-eligibility_datastore"`
	`846`	`+ "arn:aws:dynamodb:${var.default_aws_region}:${data.aws_caller_identity.current.account_id}:table/*eligibility-signposting-api-${var.environment}-eligibility_datastore"`
`847`	`847`	`]`
`848`	`848`	`}`
`849`	`849`