IAM easy granting access to resources

Hi all,
I am new to Terraform and also CDKTF. I have worked a few years with “regular” AWS CDK.

In AWS CDK you have methods like grantReadWriteData. E.g. if you have a DynamoDB table where you want to give a Lambda function read/write permissions, you can call something like this:
table.grantReadWriteData(postFunction);

Does anything like this exist in CDKTF, or do we have to write those policy statements ourselves and add them to a Lambda function role?

Those grantX type methods exist on “L2/L3” constructs in the AWS CDK. CDKTF currently only has “L1” constructs.
A few options exist currently:

  • Write the statements directly
  • Use IAM Floyd with some light glue to make those statements a bit easier
  • Roll your own “L2” constructs that have those methods (doing it manually under the hood)
  • Use Terraform modules. These are somewhat similar to “L2/L3” constructs, but native to Terraform.
  • Use the experimental AWS CDK adapter (I’m not sure if IAM is currently supported)
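
The "roll your own" option from the list above, as an added example (not code from the original posts, CDKTF, or the AWS CDK): a plain TypeScript helper, under the hypothetical name dynamoGrantPolicy, that builds the least-privilege policy JSON a grantReadWriteData-style call would attach. The action lists are modelled on the AWS CDK grant methods as an assumption, and the returned string is meant to be passed as the policy document of an IAM role policy on the Lambda role.

```typescript
// Added example: helper and constant names are hypothetical.
type Grant = "read" | "write" | "readWrite";

// Assumption: modelled on the AWS CDK grant methods, with the stream actions
// left out; add those only if the function actually reads the table stream.
const READ_ACTIONS: string[] = [
  "dynamodb:BatchGetItem", "dynamodb:ConditionCheckItem", "dynamodb:DescribeTable",
  "dynamodb:GetItem", "dynamodb:Query", "dynamodb:Scan",
];
const WRITE_ACTIONS: string[] = [
  "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:DescribeTable",
  "dynamodb:PutItem", "dynamodb:UpdateItem",
];

function dynamoGrantPolicy(tableArn: string, grant: Grant, withIndexes = false): string {
  // In a CDKTF stack the ARN is usually an unresolved token at synth time, so
  // its shape cannot be validated here. A wildcard can still be refused, which
  // keeps a copy-pasted "*" from turning the grant into account-wide access.
  if (tableArn.trim() === "" || tableArn.indexOf("*") !== -1) {
    throw new Error("expected one table ARN without wildcards, got: " + tableArn);
  }
  const read: string[] = grant === "write" ? [] : READ_ACTIONS;
  const write: string[] = grant === "read" ? [] : WRITE_ACTIONS;
  const actions = read
    .concat(write)
    .filter((a, i, all) => all.indexOf(a) === i) // DescribeTable is in both lists
    .sort();

  // Secondary indexes are separate resources; include them only on request.
  const resources = [tableArn];
  if (withIndexes) {
    resources.push(tableArn + "/index/*");
  }
  return JSON.stringify({
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: actions, Resource: resources }],
  });
}

// Constructed sample ARN (account id and table name are made up).
const sampleArn = "arn:aws:dynamodb:eu-west-1:123456789012:table/posts";
console.log(dynamoGrantPolicy(sampleArn, "readWrite", true));
```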