aside from adding

@DynamoDBTable(tableName, PermissionLevel.ReadWrite)

to the object that has the client object is there anything else I need to do on the aws side? ikeep getting a

:assumed-role/graphql-post/graphql-post is not authorized to perform: dynamodb:Scan on resource

error

Well, in general no. As you may see here https://github.com/JetBrains/kotless/blob/master/model/src/main/kotlin/io/kotless/Permission.kt#L18

Read

access includes

Scan

. Are you sure that table name is correct? And that you use explicitly annotated object.

double checked the table name and it is correct. https://github.com/MattLangsenkamp/fnb-serverless-2/blob/master/src/main/kotlin/fnb/locations/LocationsServiceDynamo.kt this is the object that trying to touch the table

I'll generate terraform and will take a look 🙂

so to remedy this do i need to give the post rout access as well?

Unfortunately, Kotless is unable to track right now that creation of object required permission, if inside a request only the resulting object is used.

thanks I will give that a try and report back

At least it works for me. BTW, it may be I have overcomplicated the whole permissions thing. As far as I see user need just all the permissions that were defined in application. Kotless right now is trying to find out what specific permissions which handler uses. It leads to such problems.

Your advice worked, thanks for the speedy help

No problem. If you you find Permissions API too complex don't hesitate to create an issue. I would really love to hear some feedback from users 🙂