AWS DynamoDB Kinesis streaming destination IAM issue

I have a bare-bones config (excluding the data stuff):

resource "aws_dynamodb_kinesis_streaming_destination" "example" {
  table_name = data.aws_dynamodb_table.tabledata.arn
  stream_arn = data.aws_kinesis_stream.stream.arn
}

However, when I try to create it, I get an error that I do not have permissions to create it. This is using the admin role. I'm able to create this through the web console with the same role, and looking at the CloudTrail logs, I see the same event name.

The web console was successful; however, the Terraform one was not.

"userAgent": "APN/1.0 HashiCorp/1.0 Terraform/1.3.3 (+https://www.terraform.io) terraform-provider-aws/4.52.0 (+https://registry.terraform.io/providers/hashicorp/aws) aws-sdk-go/1.44.186 (go1.19.3; linux; amd64)",
Plan: 1 to add, 0 to change, 0 to destroy.
aws_dynamodb_kinesis_streaming_destination.table---stream: Creating...
╷
│ Error: error enabling DynamoDB Kinesis streaming destination (stream: arn:aws:kinesis:us-east-1:<acct>:stream/stream, table: arn:aws:dynamodb:us-east-1:<acct>:table/table): AccessDeniedException: User: arn:aws:sts::<acct>:assumed-role/super_admin_role/admin_terraform is not authorized to perform: dynamodb:EnableKinesisStreamingDestination on resource: arn:aws:dynamodb:us-east-1:<acct>:table/arn:aws:dynamodb:us-east-1:<acct>:table/table
│ 	status code: 400, request id:

Has anyone been able to create this successfully on Terraform?

2 Likes
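An added example (not the poster's config) showing what the error message above actually points at. The resource in the AccessDeniedException is `arn:aws:dynamodb:us-east-1:<acct>:table/arn:aws:dynamodb:us-east-1:<acct>:table/table`: the table ARN appears twice, because `table_name` was given the table's `.arn` and the provider appended that whole string where a table name belongs. IAM then evaluated the request against a resource that does not exist, which surfaces as a denial even for an admin role. The fix is in the config, not in the policy: `table_name` takes the table name, while `stream_arn` really is an ARN. The data source names below are reused from the post; the table and stream names `table` and `stream` are taken from the ARNs in the error and are assumptions.

```hcl
# Data sources assumed from the post; the names "table" and "stream" are
# taken from the ARNs in the error message and are assumptions.
data "aws_dynamodb_table" "tabledata" {
  name = "table"
}

data "aws_kinesis_stream" "stream" {
  name = "stream"
}

resource "aws_dynamodb_kinesis_streaming_destination" "example" {
  # Table NAME, not ARN. Passing .arn here produces the doubled
  # "table/arn:aws:dynamodb:..." resource seen in the AccessDeniedException.
  table_name = data.aws_dynamodb_table.tabledata.name

  # This argument genuinely expects an ARN.
  stream_arn = data.aws_kinesis_stream.stream.arn
}
```

When triaging an AccessDenied from CloudTrail or a provider error, compare the resource ARN in the denial with the ARN of the resource you intended to touch before changing any IAM policy; a malformed or doubled ARN like this one means the request itself was wrong, and widening the role would not have fixed it.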

+1

Having the same issue. I am able to do it from the console.