I am new to Terraform and also CDKTF. I have worked a few years with “regular” AWS CDK.
In AWS CDK you have methods like `grantReadWriteData`. E.g. if you have a DynamoDB table where you want to give a Lambda function read/write permissions, you can call something like this:
Does anything like this exist in CDKTF, or do we have to write those policy statements ourselves and add them to a Lambda function role?
grantX type methods exist on “L2/L3” constructs in the AWS CDK. CDKTF currently only has “L1” constructs.
A few options exist currently:
- Write the statements directly
- Use IAM Floyd with some light glue to make those statements a bit easier
- Roll your own “L2” constructs that have those methods (doing it manually under the hood)
- Use Terraform modules. These are somewhat similar to “L2/L3” constructs, but native to Terraform.
- Use the experimental AWS CDK adapter (I’m not sure if IAM is currently supported)
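
The first and third options from the answer above, as an added example that is not part of the original thread or of CDKTF: a hand-rolled `grantReadWriteData`-style helper that returns a policy document scoped to one table and its indexes. All function names, the action lists and the sample ARN are assumptions made for this example.

```typescript
// Added example; every name below is hypothetical, not CDKTF or AWS CDK API.
type Statement = { Effect: "Allow"; Action: string[]; Resource: string[] };
type PolicyDocument = { Version: "2012-10-17"; Statement: Statement[] };

// Action sets chosen for this example; trim them to what the function calls.
const READ_ACTIONS = [
  "dynamodb:BatchGetItem",
  "dynamodb:GetItem",
  "dynamodb:Query",
  "dynamodb:Scan",
  "dynamodb:DescribeTable",
];
const WRITE_ACTIONS = [
  "dynamodb:BatchWriteItem",
  "dynamodb:PutItem",
  "dynamodb:UpdateItem",
  "dynamodb:DeleteItem",
];

// Scope the grant to one table and its secondary indexes. A "*" is rejected so
// the grant can never widen to every table; unresolved Terraform tokens
// (which contain no "*") pass through unchanged.
function tableResources(tableArn: string): string[] {
  if (tableArn.trim() === "" || tableArn.indexOf("*") !== -1) {
    throw new Error(`refusing empty or wildcard table ARN: "${tableArn}"`);
  }
  return [tableArn, `${tableArn}/index/*`];
}

function grantTable(tableArn: string, actions: string[]): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [
      { Effect: "Allow", Action: [...actions], Resource: tableResources(tableArn) },
    ],
  };
}

function grantReadData(tableArn: string): PolicyDocument {
  return grantTable(tableArn, READ_ACTIONS);
}

function grantReadWriteData(tableArn: string): PolicyDocument {
  return grantTable(tableArn, [...READ_ACTIONS, ...WRITE_ACTIONS]);
}

// Constructed sample ARN with a placeholder account id.
const SAMPLE_TABLE_ARN = "arn:aws:dynamodb:eu-west-1:111122223333:table/orders";
console.log(JSON.stringify(grantReadWriteData(SAMPLE_TABLE_ARN), null, 2));
```

In a stack, the `JSON.stringify` output of the returned document is what goes into the `policy` argument of an `aws_iam_role_policy` attached to the Lambda function's role.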