docs(dynamodb): add privileges for dynamodb (#13372)

metadata-ingestion/docs/sources/dynamodb/dynamodb_pre.md

@@ -2,28 +2,15 @@
 
 Notice of breaking change: Starting v0.13.3, `aws_region` is now a required configuration for DynamoDB Connector. The connector will no longer loop through all AWS regions; instead, it will only use the region passed into the recipe configuration.
 
-In order to execute this source, you need to attach the `AmazonDynamoDBReadOnlyAccess` policy to a user in your AWS account. Then create an API access key and secret for the user.
+In order to execute this source, you need to attach the `AmazonDynamoDBReadOnlyAccess` policy to a user in your AWS account. Then create an API access key and secret for the user. This future proofs it in case we need to make further changes. But you can use these privileges to run this source for now
 
-For a user to be able to create API access key, it needs the following access key permissions. Your AWS account admin can create a policy with these permissions and attach to the user, you can find more details in [Managing access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)
-
-```json
-{
-  "Version": "2012-10-17",
-  "Statement": [
-    {
-      "Sid": "VisualEditor0",
-      "Effect": "Allow",
-      "Action": [
-        "iam:ListAccessKeys",
-        "iam:CreateAccessKey",
-        "iam:UpdateAccessKey",
-        "iam:DeleteAccessKey"
-      ],
-      "Resource": "arn:aws:iam::${aws_account_id}:user/${aws:username}"
-    }
-  ]
-}
 ```
+dynamodb:ListTables
+dynamodb:DescribeTable
+dynamodb:Scan
+```
+
+We need `dynamodb:Scan` because Dynamodb does not return the schema in `dynamodb:DescribeTable` and thus we sample few values to understand the schema.
 
 ### Concept Mapping