From 424e825893a31c77226e7153cafee2616f4c8c1a Mon Sep 17 00:00:00 2001 From: vvatanabe Date: Thu, 9 Nov 2023 09:35:40 +0900 Subject: [PATCH] docs: add Required IAM Policy section to README
---
README.md | 23 +++++++++++++-------- dynamomq-iam-policy.json | 25 ++++++++++++++++++++++ dynamomq-iam-policy.tf | 31 ++++++++++++++++++++++++++++ dynamomq.json => dynamomq-table.json | 0 dynamomq.tf => dynamomq-table.tf | 0 5 files changed, 70 insertions(+), 9 deletions(-) create mode 100644 dynamomq-iam-policy.json create mode 100644 dynamomq-iam-policy.tf rename dynamomq.json => dynamomq-table.json (100%) rename dynamomq.tf => dynamomq-table.tf (100%)
diff --git a/README.md b/README.md
index a94c072..9b8325e 100644
--- a/README.md
+++ b/README.md
@@ -12,9 +12,10 @@ Implementing message queueing with Amazon DynamoDB in Go. - [Installation](#installation) * [DynamoMQ CLI](#dynamomq-cli) * [DynamoMQ Library](#dynamomq-library) -- [Setup DynamoMQ Table](#setup-dynamomq-table) - * [Use AWS CLI](#use-aws-cli) - * [Use Terraform](#use-terraform) +- [Setup DynamoMQ](#setup-dynamomq) + * [Required IAM Policy](#required-iam-policy) + * [Create Table with AWS CLI](#create-table-with-aws-cli) + * [Create Table with Terraform](#create-table-with-terraform) - [Usage for DynamoMQ CLI](#usage-for-dynamomq-cli) * [Available Commands](#available-commands) * [Global Flags](#global-flags)
@@ -77,18 +78,22 @@ This package can be installed as library with the go get command: $ go get -u github.com/vvatanabe/dynamomq@latest ``` -## Setup DynamoMQ Table +## Setup DynamoMQ -### Use AWS CLI +### Required IAM Policy + +Please refer to [dynamomq-iam-policy.json](./dynamomq-iam-policy.json) or [dynamomq-iam-policy.tf](./dynamomq-iam-policy.tf) + +### Create Table with AWS CLI ```sh -aws dynamodb create-table --cli-input-json file://dynamomq.json +aws dynamodb create-table --cli-input-json file://dynamomq-table.json ``` -Please refer to [dynamomq.json](./dynamomq.json). +Please refer to [dynamomq-table.json](./dynamomq-table.json). -### Use Terraform +### Create Table with Terraform -Please refer to [dynamomq.tf](./dynamomq.tf). +Please refer to [dynamomq-table.tf](./dynamomq-table.tf). ## Usage for DynamoMQ CLI
diff --git a/dynamomq-iam-policy.json b/dynamomq-iam-policy.json
new file mode 100644
index 0000000..28975fd
--- /dev/null
+++ b/dynamomq-iam-policy.json
@@ -0,0 +1,25 @@
+{
+ "Version": "2012-10-17",
+ "Statement": [
+ {
+ "Effect": "Allow",
+ "Action": [
+ "dynamodb:Query",
+ "dynamodb:GetItem",
+ "dynamodb:BatchGetItem",
+ "dynamodb:Scan",
+ "dynamodb:DeleteItem",
+ "dynamodb:PutItem",
+ "dynamodb:UpdateItem",
+ "dynamodb:BatchWriteItem",
+ "dynamodb:TransactWriteItems",
+ "dynamodb:DescribeTable",
+ "dynamodb:CreateTable"
+ ],
+ "Resource": [
+ "arn:aws:dynamodb:::table/dynamo-mq-table",
+ "arn:aws:dynamodb:::table/dynamo-mq-table/index/dynamo-mq-index-queue_type-queue_add_timestamp"
+ ]
+ }
+ ]
+}
diff --git a/dynamomq-iam-policy.tf b/dynamomq-iam-policy.tf
new file mode 100644
index 0000000..6c0d9d0
--- /dev/null
+++ b/dynamomq-iam-policy.tf
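Review bot: `"dynamodb:CreateTable"` in the `Action` list of dynamomq-iam-policy.json lets every principal that carries this runtime policy create the table, although the README in this same patch provisions the table separately with the AWS CLI or Terraform; removing that line here, and keeping it only in a setup role, would limit the policy to data-plane access, and the same applies to the `Action` list in the dynamomq-iam-policy.tf hunk. Whether `dynamodb:Scan` and the batch actions are needed cannot be told from this patch, so each remaining action is worth checking against the calls the library actually makes. The two `Resource` ARNs also leave the region and account fields empty (`arn:aws:dynamodb:::table/dynamo-mq-table`), which as far as I can tell will not match a real table ARN. Labelled placeholders such as `arn:aws:dynamodb:<REGION>:<ACCOUNT_ID>:table/dynamo-mq-table`, plus a README sentence saying they must be filled in, would steer readers away from substituting `*`.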
@@ -0,0 +1,31 @@
+resource "aws_iam_policy" "dynamomq_policy" {
+ name = "DynamoMQPolicy"
+ path = "/"
+ description = "IAM policy for DynamoMQ access"
+
+ policy = jsonencode({
+ Version = "2012-10-17"
+ Statement = [
+ {
+ Effect = "Allow"
+ Action = [
+ "dynamodb:Query",
+ "dynamodb:GetItem",
+ "dynamodb:BatchGetItem",
+ "dynamodb:Scan",
+ "dynamodb:DeleteItem",
+ "dynamodb:PutItem",
+ "dynamodb:UpdateItem",
+ "dynamodb:BatchWriteItem",
+ "dynamodb:TransactWriteItems",
+ "dynamodb:DescribeTable",
+ "dynamodb:CreateTable"
+ ]
+ Resource = [
+ "arn:aws:dynamodb:${var.region}:${var.account_id}:table/dynamo-mq-table",
+ "arn:aws:dynamodb:${var.region}:${var.account_id}:table/dynamo-mq-table/index/dynamo-mq-index-queue_type-queue_add_timestamp"
+ ]
+ }
+ ]
+ })
+}
diff --git a/dynamomq.json b/dynamomq-table.json
similarity index 100%
rename from dynamomq.json
rename to dynamomq-table.json
diff --git a/dynamomq.tf b/dynamomq-table.tf
similarity index 100%
rename from dynamomq.tf
rename to dynamomq-table.tf
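Review bot: `var.region` and `var.account_id` in the two `Resource` ARNs are not declared anywhere in this new file, so the configuration only plans if those variables are defined elsewhere, which this patch does not show. If the table from dynamomq-table.tf is managed in the same module, referencing that resource's `arn` attribute would tie the policy to the table actually created instead of a hand-assembled string that can drift from it. Otherwise the `aws_region` and `aws_caller_identity` data sources avoid passing the account id in by hand. A short comment above `Resource` stating which table and index the policy is scoped to, and that the names must match dynamomq-table.tf, would also help whoever renames the table later.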