Final Verification Checklist for notify.py
Complete Resource Audit
DynamoDB Operations (from notify.py code)
| Operation | Table | Method | Line (notify.py) | Policy Required | Status (template.yaml) |
|---|---|---|---|---|---|
| Write | CreditCardNotifyTable | .save() | 112 | DynamoDBWritePolicy | ✅ Line 314-315 |
| Query | CardPaymentRecordTable | .chargeId_index.query() | 168 | DynamoDBCrudPolicy (includes Query) | ✅ Line 326-327 |
| Query | CardPaymentRecordTableMaster | .chargeId_index.query() | 175 | DynamoDBCrudPolicy (includes Query) | ✅ Line 329-330 |
| Write | PaymentErrorLogTable | .save() via log_error() | 241 | DynamoDBWritePolicy | ✅ Line 332-333 |
Both queries go through the chargeId_index GSI, so the grant has to cover the index ARN (table/<name>/index/*), not just the table ARN; the SAM DynamoDB policy templates include that resource. Query is the only action the code exercises on these two tables, so DynamoDBReadPolicy would also cover them with fewer grants than DynamoDBCrudPolicy.
Lambda Invocations (from notify.py code)
| Function Name Pattern | Actual Function | Line (notify.py) | Policy Required | Status (template.yaml) |
|---|---|---|---|---|
| payment3-delayed-notify-{BRANCH} | DelayedNotify | 42 | LambdaInvokePolicy | ✅ Line 341-342 |
| payment3-process-paid-order-{BRANCH} | ProcessPaidOrder | 139 | LambdaInvokePolicy | ✅ Line 335-336 |
Function Name Verification
LambdaInvokePolicy is scoped to the function name, so the name notify.py builds at runtime must match the FunctionName in template.yaml exactly.
✅ DelayedNotify in template.yaml:
- FunctionName: !Sub payment3-delayed-notify-${BRANCH} (line 361)
- Matches code: f"payment3-delayed-notify-{BRANCH}" (line 42)
✅ ProcessPaidOrder in template.yaml:
- FunctionName: !Sub payment3-process-paid-order-${BRANCH} (line 677)
- Matches code: f"payment3-process-paid-order-{BRANCH}" (line 139)
Table Name Verification
✅ CreditCardNotifyTable:
- Code: f"payment3-credit-card-notify-{BRANCH}" (line 51)
- Template: !Sub payment3-credit-card-notify-${BRANCH} (line 1007)
✅ CardPaymentRecordTable:
- Code: f"payment3-card-payment-record-{BRANCH}" (from src/cardPaymentRecordTable.py)
- Template: !Sub payment3-card-payment-record-${BRANCH} (line 1153)
✅ CardPaymentRecordTableMaster:
- Code: "payment3-card-payment-record-master" (hardcoded, line 19 in src/cardPaymentRecordTableMaster.py)
- Template: payment3-card-payment-record-master (hardcoded, line 330)
- Note: this name carries no branch suffix, so every branch deployment is granted Query on the same shared master table.
✅ PaymentErrorLogTable:
- Code: f"payment3-error-log-{BRANCH}" (from src/payment_error_log_table.py)
- Template: !Sub payment3-error-log-${BRANCH} (line 1326)
Dependencies Check
- ✅ lambdasdk - Wrapper around the boto3 Lambda client; calls go out under the function's execution role, so LambdaInvokePolicy covers them
- ✅ sentry_sdk - External service reached over HTTPS, no AWS permissions needed
- ✅ PynamoDB - Uses boto3 under the hood, covered by the DynamoDB policies. One thing to confirm: older PynamoDB releases fetched the key schema with DescribeTable on first use, and DynamoDBWritePolicy does not grant that action, so check that the pinned version does not do this
- ✅ error_logger - Only writes to PaymentErrorLogTable (already covered)
Additional Services Check
❌ S3 - Not used, no policy needed
❌ SNS - Not used, no policy needed
❌ SQS - Not used, no policy needed
❌ Secrets Manager - Not used, no policy needed
❌ KMS - Not used, no policy needed
❌ API Gateway - Not an execution-role policy: SAM generates the AWS::Lambda::Permission that lets API Gateway invoke the function from its Api event source, so nothing is added under Policies
Environment Variables
✅ BRANCH - Set in Globals (line 15), so it applies to all functions including Notify. Every runtime table and function name above is built from it, so it must carry the same value as the BRANCH used in the template's !Sub names or the IAM grants will not match what the code calls
❌ DEBUG_MODE - Only for local testing, not needed in template.yaml
Final Verification Result
✅ ALL REQUIRED POLICIES ARE PRESENT AND CORRECT
Summary:
- ✅ 4 DynamoDB policies (2 DynamoDBWritePolicy for the tables notify.py saves to, 2 DynamoDBCrudPolicy for the tables it queries)
- ✅ 2 Lambda invoke policies (DelayedNotify + ProcessPaidOrder)
- ✅ All function names match
- ✅ All table names match
- ✅ All operations are covered
- ✅ No missing dependencies
No additional policies or configurations are needed for notify.py to run.
Least-privilege note: notify.py only ever runs Query against CardPaymentRecordTable and CardPaymentRecordTableMaster, so DynamoDBReadPolicy would suffice for both; DynamoDBCrudPolicy additionally grants PutItem, UpdateItem, DeleteItem and BatchWriteItem that nothing in the function uses. Tightening this is optional and does not change the result above.
The template.yaml is complete and correct for the notify.py function.
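The audit above as a runnable check. This is an added example, not part of the checklist or of the project's code: it expands the SAM policy templates named in template.yaml into plain Allow statements, evaluates each notify.py operation as an (action, resource ARN) pair against them, and lists grants the code never exercises. The region, account id and branch value are constructed, and the policy-template expansions are transcribed from the SAM reference as an assumption that should be re-checked against the samtranslator version that deploys the stack.

```python
from fnmatch import fnmatchcase

# Constructed deployment values; the real stack sets BRANCH via Globals.
PARTITION, REGION, ACCOUNT, BRANCH = "aws", "ap-northeast-1", "123456789012", "dev"


def table_arn(name, index=None):
    arn = f"arn:{PARTITION}:dynamodb:{REGION}:{ACCOUNT}:table/{name}"
    return f"{arn}/index/{index}" if index else arn


def function_arn(name):
    return f"arn:{PARTITION}:lambda:{REGION}:{ACCOUNT}:function:{name}"


# Expansions of the SAM policy templates used in template.yaml, transcribed
# from the SAM policy-template reference. Assumption: re-check against the
# samtranslator version that actually deploys the stack.
def dynamodb_write_policy(table):
    return [{"Action": ["dynamodb:PutItem", "dynamodb:UpdateItem",
                        "dynamodb:DeleteItem", "dynamodb:BatchWriteItem"],
             "Resource": [table_arn(table), table_arn(table, "*")]}]


def dynamodb_read_policy(table):
    return [{"Action": ["dynamodb:GetItem", "dynamodb:Scan", "dynamodb:Query",
                        "dynamodb:BatchGetItem", "dynamodb:DescribeTable"],
             "Resource": [table_arn(table), table_arn(table, "*")]}]


def dynamodb_crud_policy(table):
    return [{"Action": ["dynamodb:GetItem", "dynamodb:DeleteItem", "dynamodb:PutItem",
                        "dynamodb:Scan", "dynamodb:Query", "dynamodb:UpdateItem",
                        "dynamodb:BatchWriteItem", "dynamodb:BatchGetItem",
                        "dynamodb:DescribeTable", "dynamodb:ConditionCheckItem"],
             "Resource": [table_arn(table), table_arn(table, "*")]}]


def lambda_invoke_policy(function_name):
    # Trailing "*" so versions and aliases of the function are covered too.
    return [{"Action": ["lambda:InvokeFunction"],
             "Resource": [function_arn(function_name) + "*"]}]


def is_allowed(statements, action, resource):
    """Allow-only evaluation: ignores Deny statements, conditions and SCPs."""
    return any(any(fnmatchcase(action, a) for a in st["Action"])
               and any(fnmatchcase(resource, r) for r in st["Resource"])
               for st in statements)


# The six operations notify.py performs as (IAM action, resource ARN). PynamoDB
# Model.save() issues PutItem; Index.query() is evaluated against the GSI ARN.
NOTIFY_REQUESTS = {
    "CreditCardNotifyTable.save()":
        ("dynamodb:PutItem", table_arn(f"payment3-credit-card-notify-{BRANCH}")),
    "CardPaymentRecordTable.chargeId_index.query()":
        ("dynamodb:Query", table_arn(f"payment3-card-payment-record-{BRANCH}", "chargeId_index")),
    "CardPaymentRecordTableMaster.chargeId_index.query()":
        ("dynamodb:Query", table_arn("payment3-card-payment-record-master", "chargeId_index")),
    "PaymentErrorLogTable.save()":
        ("dynamodb:PutItem", table_arn(f"payment3-error-log-{BRANCH}")),
    "invoke DelayedNotify":
        ("lambda:InvokeFunction", function_arn(f"payment3-delayed-notify-{BRANCH}")),
    "invoke ProcessPaidOrder":
        ("lambda:InvokeFunction", function_arn(f"payment3-process-paid-order-{BRANCH}")),
}


def notify_role(record_policy):
    """Policies on the Notify function; record_policy is the template used for the two tables it queries."""
    return (dynamodb_write_policy(f"payment3-credit-card-notify-{BRANCH}")
            + record_policy(f"payment3-card-payment-record-{BRANCH}")
            + record_policy("payment3-card-payment-record-master")
            + dynamodb_write_policy(f"payment3-error-log-{BRANCH}")
            + lambda_invoke_policy(f"payment3-process-paid-order-{BRANCH}")
            + lambda_invoke_policy(f"payment3-delayed-notify-{BRANCH}"))


TEMPLATE_ROLE = notify_role(dynamodb_crud_policy)         # as declared in template.yaml
LEAST_PRIVILEGE_ROLE = notify_role(dynamodb_read_policy)  # Read where the code only queries


def audit(statements, requests=NOTIFY_REQUESTS):
    """Map each code operation to whether the role's statements allow it."""
    return {op: is_allowed(statements, action, res) for op, (action, res) in requests.items()}


def over_granted(statements, requests=NOTIFY_REQUESTS):
    """(resource ARN, action) pairs a statement grants that no code operation exercises."""
    extra = set()
    for st in statements:
        for granted in st["Action"]:
            exercised = any(fnmatchcase(action, granted)
                            and any(fnmatchcase(res, r) for r in st["Resource"])
                            for action, res in requests.values())
            if not exercised:
                extra.add((st["Resource"][0], granted))
    return sorted(extra)


if __name__ == "__main__":
    for op, ok in audit(TEMPLATE_ROLE).items():
        print(f"{'ALLOW' if ok else 'DENY '} {op}")
    for resource, action in over_granted(TEMPLATE_ROLE):
        print(f"unused grant: {action} on {resource}")
```

Running it prints ALLOW for all six operations under the template's role and lists the CRUD actions on the two card-payment-record tables that notify.py never calls; swapping in dynamodb_read_policy keeps every operation allowed and removes those grants. The evaluator is deliberately Allow-only, so it says nothing about Deny statements, conditions or service control policies that the real account may apply.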