From cd41e73cbee7c696d91403622348f384f78cd252 Mon Sep 17 00:00:00 2001 From: Sergio Garcia <38561120+sergargar@users.noreply.github.com> Date: Tue, 17 May 2022 12:33:49 +0200 Subject: [PATCH] fix(readme): Correct permissions for DynamoDB allowlist (#1147) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0906eb7e..348ebc42 100644 --- a/README.md +++ b/README.md @@ -503,7 +503,7 @@ S3 URIs are also supported as allowlist file, e.g. `s3://bucket/prefix/allowlist >Make sure that the used credentials have s3:GetObject permissions in the S3 path where the allowlist file is located. DynamoDB table ARNs are also supported as allowlist file, e.g. `arn:aws:dynamodb:us-east-1:111111222222:table/allowlist` ->Make sure that the table has `account_id` as partition key and `rule` as sort key, and that the used credentials have dynamodb:Scan permissions in the table. +>Make sure that the table has `account_id` as partition key and `rule` as sort key, and that the used credentials have `dynamodb:PartiQLSelect` permissions in the table. >

image

>The field `account_id` can contains either an account ID or an `*` (which applies to all the accounts that use this table as a whitelist). As in the traditional allowlist file, the `rule` field must contain `checkID:resourcename` pattern.
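Review bot: On the `+` line, `dynamodb:Scan` is replaced by `dynamodb:PartiQLSelect` with no hint to readers who already followed the old text; say explicitly whether `dynamodb:Scan` is still required or can be dropped, so existing IAM policies can be updated to the minimum needed on that table. The new permission is wrapped in backticks while s3:GetObject in the context line just above is not, so format both the same way. The trailing context line still reads "can contains" and calls the table a "whitelist" where the rest of the section says allowlist; both are worth fixing in the same README change.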