From b6495dbaf66c2367196117845fc485e56d9abda9 Mon Sep 17 00:00:00 2001
From: Ran Isenberg <60175085+ran-isenberg@users.noreply.github.com>
Date: Sun, 10 Nov 2024 14:04:10 +0200
Subject: [PATCH] feautre: remove extra permissions from DB dal (#897)

---
 cdk/service/api_construct.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cdk/service/api_construct.py b/cdk/service/api_construct.py
index 44b3809..f34b452 100644
--- a/cdk/service/api_construct.py
+++ b/cdk/service/api_construct.py
@@ -76,7 +76,7 @@ def _build_lambda_role(self, db: dynamodb.TableV2, idempotency_table: dynamodb.T
                 'dynamodb_db': iam.PolicyDocument(
                     statements=[
                         iam.PolicyStatement(
-                            actions=['dynamodb:PutItem', 'dynamodb:GetItem'],
+                            actions=['dynamodb:PutItem'],
                             resources=[db.table_arn],
                             effect=iam.Effect.ALLOW,
                         )