[dynamodb] global table grantReadWriteData not working for replicas of global Table

My cdk stack is this :

• 1 ddb global table in us-east-1 replicating onto 3 other regions.
  • global table nature for sync across regions
• lambda and api gateway in all 4 regions.
• lambda for each region interacting with the replica ddbs in that region.

I am using “@aws-cdk/aws-dynamodb”: “1.32.2”, in my package.json

when I use below command I see that the inline policy on my Lambda executionRole has all the desired Actions on only the us-east-1 table and not on the replicating regions

dynamoDBTable.grantReadWriteData(lambdaFunction as IGrantable);

Reproduction Steps

• create cdk application
• create ddb table in us-east-1
• for other regions [eu-west-1, ap-northeast1, us-west-2] iterate over each and create lambdaFunction in each
• dynamoDBTable.grantReadWriteData(lambdaFunction as IGrantable);
• after cdk deploy open the lambdaFunction for eu-west-1 region on aws console and see executionRole in permissions
• you will notice inline policy of that role to contain only permission on us-east-1 instead of eu-west-1

What did you expect to happen?

• inline policy of lambdaExecution role to contain permission on eu-west-1 table

• ensure execution role for each lambda in each region exists on corresponding ddb table (created via replication)

What actually happened?

• execution role created only for original region (us-east-1) where the dynamodb Table got created using

new dynamoDB.Table(scope, id, tableProps);

Environment

• CLI Version : NA
• Framework Version: CDK 1.32.2
• Node.js Version: v12.18.3
• OS : mac
• Language (Version): TypeScript

Other

similar to https://github.com/aws/aws-cdk/pull/7453/files

This is 🐛 Bug Report