From 98397123bcc50b11180795f5c2c7b80f08695529 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Labesse=20K=C3=A9vin?= <kevin@labesse.me>
Date: Sat, 4 Jan 2020 17:14:30 +0100
Subject: [PATCH 1/2] update iam requirement

---
 docs/operations/storage/README.md | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)

diff --git a/docs/operations/storage/README.md b/docs/operations/storage/README.md
index ce38c3ce23cd8..02d5b78bff669 100644
--- a/docs/operations/storage/README.md
+++ b/docs/operations/storage/README.md
@@ -64,6 +64,8 @@ When using DynamoDB for the index, the following permissions are needed:
 * `dynamodb:UntagResource`
 * `dynamodb:UpdateItem`
 * `dynamodb:UpdateTable`
+* `dynamodb:CreateTable`
+* `dynamodb:DeleteTable` (if `table_manager.retention_period` is more than 0s)
 
 Resources: `arn:aws:dynamodb:<aws_region>:<aws_account_id>:table/<prefix>*`
 
@@ -71,12 +73,6 @@ Resources: `arn:aws:dynamodb:<aws_region>:<aws_account_id>:table/<prefix>*`
 
 If you enable autoscaling from table manager, the following permissions are needed:
 
-##### Deletion
-
-* `dynamodb:DeleteTable`
-
-Resources: `arn:aws:dynamodb:<aws_region>:<aws_account_id>:table/<prefix>*`
-
 ##### Application Autoscaling
 
 * `dynamodb:ListTables`

From 568fce31fae56fc04d812708dc57ad4658df0d59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Labesse=20K=C3=A9vin?= <kevin@labesse.me>
Date: Sat, 4 Jan 2020 17:19:23 +0100
Subject: [PATCH 2/2] move ListTables in correct section

---
 docs/operations/storage/README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/docs/operations/storage/README.md b/docs/operations/storage/README.md
index 02d5b78bff669..d8b36c57acef4 100644
--- a/docs/operations/storage/README.md
+++ b/docs/operations/storage/README.md
@@ -69,13 +69,16 @@ When using DynamoDB for the index, the following permissions are needed:
 
 Resources: `arn:aws:dynamodb:<aws_region>:<aws_account_id>:table/<prefix>*`
 
+* `dynamodb:ListTables`
+
+Resources: `*`
+
 #### AutoScaling 
 
 If you enable autoscaling from table manager, the following permissions are needed:
 
 ##### Application Autoscaling
 
-* `dynamodb:ListTables`
 * `application-autoscaling:DescribeScalableTargets`
 * `application-autoscaling:DescribeScalingPolicies`
 * `application-autoscaling:RegisterScalableTarget`