Python CDK DynamoDB Table.grant_read_write doesn't include PartiQL permissions.


I am using the python CDK to grant a lambda function permissions to a DynamoDB table.

If I use: my_table.grant_read_write(my_lambda), the lambda fails with the error "no identity-based policy allows the dynamodb:PartiQLUpdate action".

However, if I use: my_table.grant_full_access(my_lambda), the lambda succeeds and I can confirm the updates were made.

I don't want to grant full access. I can add an inline policy to the lambda, but I am trying to understand why the builtin method doesn't work.

Why don't the read/write permissions cover the PartiQL statements?

1 Answer

That is the current expected behavior:

  • BatchGetItem
  • GetRecords
  • GetShardIterator
  • Query
  • GetItem
  • Scan
  • BatchWriteItem
  • PutItem
  • UpdateItem
  • DeleteItem

Whereas grantFullAccess simply allows all: Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

In order to allow PartiQL operations you can do the following:

    # Table.grant(grantee, *actions) adds the listed actions to the grantee's policy
    table.grant(my_lambda, "dynamodb:PartiQLSelect")

Moreover, you can contribute to CDK to make amends as it is open source, or simply create a feature request on GitHub: https://github.com/aws/aws-cdk

AWS
EXPERT
answered 3 months ago
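The following is an added example, not code from the question, the answer or the CDK project. It models, in plain Python without the CDK installed, why the lambda failed: it takes the action list the answer gives for grant_read_write, the "dynamodb:*" wildcard of grant_full_access, and the four PartiQL IAM actions (dynamodb:PartiQLSelect, PartiQLInsert, PartiQLUpdate, PartiQLDelete), evaluates which PartiQL statements a given grant covers, and renders the narrowest extra Table.grant(grantee, *actions) call for what is missing instead of falling back to full access. The statement-to-action mapping by leading keyword, the sample statements, and the variable names my_table / my_lambda are constructed for the example; the IAM evaluator is simplified to Allow statements with "*" / "?" wildcards and no Deny or Condition handling.

```python
"""Least-privilege check for DynamoDB grants: why grant_read_write does not
cover PartiQL statements, and what to grant instead of dynamodb:* (added example)."""
import fnmatch

# Actions conferred by grant_read_write, as listed in the answer above.
READ_WRITE_ACTIONS = frozenset(f"dynamodb:{a}" for a in (
    "BatchGetItem", "GetRecords", "GetShardIterator", "Query", "GetItem",
    "Scan", "BatchWriteItem", "PutItem", "UpdateItem", "DeleteItem",
))

# grant_full_access confers the wildcard, which matches PartiQL actions too.
FULL_ACCESS_ACTIONS = frozenset({"dynamodb:*"})

# The PartiQL IAM actions, keyed by the statement keyword that needs them.
# (Mapping by leading keyword is an assumption made for this example.)
PARTIQL_ACTION_FOR_STATEMENT = {
    "SELECT": "dynamodb:PartiQLSelect",
    "INSERT": "dynamodb:PartiQLInsert",
    "UPDATE": "dynamodb:PartiQLUpdate",
    "DELETE": "dynamodb:PartiQLDelete",
}


def is_allowed(action, granted):
    """Simplified IAM Action matching: case-insensitive, '*' and '?' wildcards,
    Allow statements only (no Deny, NotAction or Condition evaluation)."""
    action = action.lower()
    return any(fnmatch.fnmatchcase(action, p.lower()) for p in granted)


def partiql_actions_needed(statements):
    """Map PartiQL statements to the IAM actions they require."""
    needed = set()
    for stmt in statements:
        words = stmt.split()
        if not words or words[0].upper() not in PARTIQL_ACTION_FOR_STATEMENT:
            raise ValueError(f"unsupported PartiQL statement: {stmt!r}")
        needed.add(PARTIQL_ACTION_FOR_STATEMENT[words[0].upper()])
    return needed


def missing_actions(needed, granted):
    """Actions required by the workload that the current grant does not allow."""
    return {a for a in needed if not is_allowed(a, granted)}


def cdk_grant_call(table_var, grantee_var, actions):
    """Render the extra Python CDK call: Table.grant(grantee, *actions).
    Only the missing actions are listed, so the grant stays minimal."""
    args = ", ".join(f'"{a}"' for a in sorted(actions))
    return f"{table_var}.grant({grantee_var}, {args})"


def explain(statements, granted, table_var="my_table", grantee_var="my_lambda"):
    """Return (missing action set, suggested CDK call or None)."""
    missing = missing_actions(partiql_actions_needed(statements), granted)
    if not missing:
        return missing, None
    return missing, cdk_grant_call(table_var, grantee_var, missing)


if __name__ == "__main__":
    # Constructed sample workload: the lambda runs one SELECT and one UPDATE.
    workload = [
        "SELECT * FROM orders WHERE pk = ?",
        "UPDATE orders SET status = ? WHERE pk = ?",
    ]
    for name, grant in (("grant_read_write", READ_WRITE_ACTIONS),
                        ("grant_full_access", FULL_ACCESS_ACTIONS)):
        missing, call = explain(workload, grant)
        print(f"{name}: missing {sorted(missing) or 'nothing'}")
        if call:
            print(f"  add to the stack: {call}")
```

Running it shows grant_read_write missing both PartiQL actions and suggests my_table.grant(my_lambda, "dynamodb:PartiQLSelect", "dynamodb:PartiQLUpdate"), while grant_full_access is missing nothing because "dynamodb:*" matches every action, which is exactly why it is broader than the workload needs.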
