Python CDK DynamoDB Table.grant_read_write doesn't include PartiQL permissions.

0

I am using the python CDK to grant a lambda function permissions to a DynamoDB table.

If I use: my_table.grant_read_write(my_lambda) the lambda fails with the error "no identity-based policy allows the dynamodb:PartiQLUpdate action".

However, if I use: my_table.grant_full_access(my_lambda) the lambda succeeds and I can confirm the updates were made.

I don't want to grant full access. I can add an inline policy to the lambda, but I am trying to understand why the builtin method doesn't work.

Why don't the read/write permissions cover the PartiQL statements?

1 Answer
1

That is the current expected behavior:

  • BatchGetItem

  • GetRecords

  • GetShardIterator

  • Query

  • GetItem

  • Scan

  • BatchWriteItem

  • PutItem

  • UpdateItem

  • DeleteItem

Whereas grantFullAccess simply allows all: Permits all DynamoDB operations ("dynamodb:*") to an IAM principal.

In order to allow PartiQL operations you can do the following:

table.grant(my_lambda, "dynamodb:PartiQLSelect")

Moreover, you can contribute to CDK to make amends as it is open source, or simply create a feature request on GitHub: https://github.com/aws/aws-cdk

AWS
EXPERT
answered 3 months ago
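An added example (not part of the answer above or of the CDK project) showing the least-privilege alternative in plain Python: map the PartiQL statements a Lambda issues to the four real `dynamodb:PartiQL*` IAM actions and check a synthesized policy for gaps before deploying. It does not import aws-cdk-lib; the policy statements, table name and ARN below are constructed stand-ins for what `cdk synth` would emit for grant_read_write and grant_full_access.

```python
from fnmatch import fnmatchcase

# PartiQL statement keyword -> IAM action. These four action names are the real ones.
PARTIQL_ACTIONS = {
    "SELECT": "dynamodb:PartiQLSelect",
    "INSERT": "dynamodb:PartiQLInsert",
    "UPDATE": "dynamodb:PartiQLUpdate",
    "DELETE": "dynamodb:PartiQLDelete",
}

# Actions grant_read_write emits (the list given in the answer above).
READ_WRITE_ACTIONS = [
    "dynamodb:BatchGetItem", "dynamodb:GetRecords", "dynamodb:GetShardIterator",
    "dynamodb:Query", "dynamodb:GetItem", "dynamodb:Scan",
    "dynamodb:BatchWriteItem", "dynamodb:PutItem", "dynamodb:UpdateItem",
    "dynamodb:DeleteItem",
]

def required_partiql_actions(statements):
    """Sorted set of IAM actions the given PartiQL statements need."""
    needed = set()
    for stmt in statements:
        keyword = stmt.strip().split(None, 1)[0].upper()
        if keyword not in PARTIQL_ACTIONS:
            raise ValueError(f"unsupported PartiQL statement: {stmt!r}")
        needed.add(PARTIQL_ACTIONS[keyword])
    return sorted(needed)

def allowed(action, policy_statements):
    """True if some Allow statement covers `action` ('*' wildcards honoured)."""
    for s in policy_statements:
        if s.get("Effect") != "Allow":
            continue
        acts = s["Action"] if isinstance(s["Action"], list) else [s["Action"]]
        if any(fnmatchcase(action, pattern) for pattern in acts):
            return True
    return False

def missing_actions(policy_statements, statements):
    """Actions needed for `statements` that the policy does not allow."""
    return [a for a in required_partiql_actions(statements)
            if not allowed(a, policy_statements)]

# Constructed stand-ins for the synthesized policies (placeholder ARN).
TABLE_ARN = "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/Orders"
READ_WRITE_POLICY = [{"Effect": "Allow", "Action": READ_WRITE_ACTIONS, "Resource": TABLE_ARN}]
FULL_ACCESS_POLICY = [{"Effect": "Allow", "Action": "dynamodb:*", "Resource": TABLE_ARN}]
LAMBDA_STATEMENTS = ['UPDATE "Orders" SET status=? WHERE id=?', 'SELECT * FROM "Orders" WHERE id=?']

if __name__ == "__main__":
    print("grant_read_write misses:", missing_actions(READ_WRITE_POLICY, LAMBDA_STATEMENTS))
    print("grant_full_access misses:", missing_actions(FULL_ACCESS_POLICY, LAMBDA_STATEMENTS))
    # Least privilege: my_table.grant(my_lambda, *required_partiql_actions(LAMBDA_STATEMENTS))
```

The list returned by `required_partiql_actions` is exactly what to pass to `table.grant(...)` in place of grant_full_access, so the Lambda gets only the PartiQL actions it actually executes.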
