From e0d9a29583092dfd4595824319296cd290401126 Mon Sep 17 00:00:00 2001
From: Craig McNicholas <41394833+cmcnicholas@users.noreply.github.com>
Date: Sun, 11 Jun 2023 10:58:07 +0100
Subject: [PATCH] fix: adds `dynamodb:ConditionCheckItem` permission to dynamodb construct

Without this IAM permission, transacted writes in dynamodb using the `ConditionCheck` feature are disallowed.
See:
https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_ConditionCheck.html
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/transaction-apis-iam.html
---
 src/constructs/aws/DatabaseDynamoDBSingleTable.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/constructs/aws/DatabaseDynamoDBSingleTable.ts b/src/constructs/aws/DatabaseDynamoDBSingleTable.ts
index 54e9c6ef..6be1f9a8 100644
--- a/src/constructs/aws/DatabaseDynamoDBSingleTable.ts
+++ b/src/constructs/aws/DatabaseDynamoDBSingleTable.ts
@@ -86,6 +86,7 @@ export class DatabaseDynamoDBSingleTable extends AwsConstruct {
 "dynamodb:DeleteItem",
 "dynamodb:BatchWriteItem",
 "dynamodb:UpdateItem",
+ "dynamodb:ConditionCheckItem",
 ],
 [this.table.tableArn, Stack.of(this).resolve(Fn.join("/", [this.table.tableArn, "index", "*"]))]
 ),
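Review bot: The added `"dynamodb:ConditionCheckItem"` entry has no comment saying why it is granted, and unlike the neighbouring actions it does not correspond to a standalone API call; it only authorizes a `ConditionCheck` element inside `TransactWriteItems`, so a later least-privilege pass could prune it as apparently unused. I would put `// required for ConditionCheck entries in TransactWriteItems` directly above the new line. The diffstat shows this file as the only one changed, so if a test pins the construct's generated policy actions it has not been extended to cover the new permission. The action array and the enclosing method begin outside the hunk, so the full set of granted actions cannot be checked from here.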