Add indexes to dynamodb.Table.fromTableAttributes

[skinny85]

Right now, we don't allow passing indexes to dynamodb.Table.fromTableAttributes(). This means that methods like grantRead do not include the stream ARN for these Tables, even if in reality they have streams enabled.

We should add optional properties localIndexes?: string[] and globalIndexes?: string[] to TableAttributes. This should also allow us to add a bunch of methods to the ITable interface that were thus far only available on Table, like autoScalReadCapacity().

See this comment and below for more context why is this needed.

[balkat]

The ITable grant thing is also causing us problems. We are instantiating an ITable via Table.fromTableArn(). When we do this, permission grants to lambda functions do not include the extra entry for the indexes in the Resource:

Using the Table construct we get e.g.:

            "Resource": [
                "arn:aws:dynamodb:us-east-1:REDACTED:table/VCS-UserData-vc-dev-Sea88E64FB3-TID62DP6LMCV",
                "arn:aws:dynamodb:us-east-1:REDACTED:table/VCS-UserData-vc-dev-Sea88E64FB3-TID62DP6LMCV/index/*"
            ],

When using Table.fromTableArn() we do not get the second line and any operations on the indexes are denied.

We also had to make changes elsewhere because ITable does not offer the grantFullAccess() method.

[cloud-context]

This is a bit of a blocker for us also - are there any plans to get this added?

We do have a workaround which looks a bit like this:

theTable.grantReadWriteData(theFunction)
Grant.addToPrincipal({
        grantee: theFunction,
        actions: READ_WRITE_DATA_ACTIONS,
        resourceArns: [
            `${theTable.tableArn}/index/*`
        ],
        scope: theTable,
});

It works but it would be good to have indexes included for permissions out of the box