From 7915c7ee620ecdeae5fc91007f39824446f1e997 Mon Sep 17 00:00:00 2001
From: Lee Hannigan <lhnng@amazon.com>
Date: Sat, 13 Apr 2024 00:05:27 +0100
Subject: [PATCH] Add resource polices to DynamoDB Table #29600

---
 packages/aws-cdk-lib/aws-dynamodb/lib/table.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts
index 270ab71b06cf0..fd805ee20f6cc 100644
--- a/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts
+++ b/packages/aws-cdk-lib/aws-dynamodb/lib/table.ts
@@ -370,6 +370,13 @@ export interface TableOptions extends SchemaOptions {
    * @default - no data import from the S3 bucket
    */
   readonly importSource?: ImportSourceSpecification;
+
+  /**
+   * Resource policy to assign to DynamoDB Table.
+   *
+   * @default - No resource policy statements are added to the created table.
+   */
+  readonly resourcePolicy?: iam.PolicyDocument;
 }
 
 /**
@@ -1095,6 +1102,7 @@ export class Table extends TableBase {
       kinesisStreamSpecification: props.kinesisStream ? { streamArn: props.kinesisStream.streamArn } : undefined,
       deletionProtectionEnabled: props.deletionProtection,
       importSourceSpecification: this.renderImportSourceSpecification(props.importSource),
+      resourcePolicy: props.resourcePolicy? { policyDocument: props.resourcePolicy } : undefined,
     });
     this.table.applyRemovalPolicy(props.removalPolicy);