AUT-5432: Grant frontend TaskRole DynamoDB access

sw-mattw · sw-mattw · commit 4e7ced1becb5 · 2026-05-15T13:08:53.000+01:00
diff --git a/cloudformation/deploy/template.yaml b/cloudformation/deploy/template.yaml
@@ -1417,6 +1417,18 @@ Resources:
                   - kms:GenerateDataKey*
                   - kms:DescribeKey
                 Resource: !GetAtt FrontendSessionsTableKmsKey.Arn
+        - PolicyName: AllowDynamoDbFrontendSessionAccess
+          PolicyDocument:
+            Version: "2012-10-17"
+            Statement:
+              - Effect: Allow
+                Action:
+                  - dynamodb:GetItem
+                  - dynamodb:PutItem
+                  - dynamodb:UpdateItem
+                  - dynamodb:DeleteItem
+                  - dynamodb:DescribeTable
+                Resource: !GetAtt FrontendSessionsTable.Arn
       PermissionsBoundary: !If
         - UsePermissionsBoundary
         - !Ref PermissionsBoundary
