From 7f61e63e58fdd1c4703d92f7a2a1cb6c35c58470 Mon Sep 17 00:00:00 2001
From: Robin Tang <rtang.cs@gmail.com>
Date: Sun, 24 Sep 2023 14:22:59 -0700
Subject: [PATCH] Updating README and service_account.

---
 README.md                            | 2 +-
 examples/dynamodb/service_account.tf | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 7a8121ee..f04ee46c 100644
--- a/README.md
+++ b/README.md
@@ -35,4 +35,4 @@ go run main.go --config config.yaml
 ```
 
 ## What is currently supported?
-* DynamoDB (DynamoDB streams)
+* DynamoDB (via DynamoDB streams)
diff --git a/examples/dynamodb/service_account.tf b/examples/dynamodb/service_account.tf
index 85150271..453cc801 100644
--- a/examples/dynamodb/service_account.tf
+++ b/examples/dynamodb/service_account.tf
@@ -45,6 +45,8 @@ resource "aws_iam_policy" "dynamodb_streams_access" {
           "dynamodb:GetRecords",
           "dynamodb:ListStreams"
         ],
+        // Don't want to use "*"? You can specify like this:
+        // Resource = [ TABLE_ARN, TABLE_ARN + "/stream/*" ]
         Resource = "*" # Modify this to restrict access to specific streams or resources
       }
     ]