Why is oss helpers not accessible when running a Data Replay in Panther?

QUESTION

Why is oss_helpers is not accessible when running a Data Replay in the Panther Console? I see an error similar to: 

User:arn:aws:sts::../panther-replay-detections-engine identity not being authorized to perform dynamodb:getItem on resource arn:aws:dynamodb:us-east-1:../panther-kv-store because no identity-based policy allows the dynamodb:getItem action

ANSWER

Data Replay does not have access to the DynamoDB cache like panther-kv-store to prevent modifying production data from a replay.

• Access to the panther-kv-store is blocked to prevent polluting production data

• The DynamoDB cache is blocked to prevent modifying production data from a replay

See the Panther documentation for reference to the limitations listed above.