使用云开发工具包 (CDK) 为 Lambda 授予删除 DynamoDB 项目的权限
cloud development kit Dynamodb permission for lambda to delete items
你好,我希望你能在这个问题上引导我朝着正确的方向前进。
我正在使用 Amazon Web Services 云开发工具包。
我想创建一个 Lambda 函数,用于从 DynamoDB table 中删除项目。
import { Table } from '@aws-cdk/aws-dynamodb';
import * as iam from '@aws-cdk/aws-iam';
import * as lambda from '@aws-cdk/aws-lambda';
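// Explicit execution role for the function. Creating a role only has an effect
// if it is actually handed to the Function via the `role` prop — in the original
// listing the role was never attached, so the policy added to it did nothing for
// deleteLambda.
const lambdaARole = new iam.Role(this, 'LambdaRole', {
  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
});

const deleteLambda = new lambda.Function(
  this,
  'deleteLambda',
  {
    functionName: 'deleteLambda',
    // NOTE(review): NODEJS_10_X is an end-of-life Lambda runtime; move to a
    // supported runtime once the CDK version in use offers it.
    runtime: lambda.Runtime.NODEJS_10_X,
    handler: 'deleteLambda.handler',
    code: lambda.Code.fromAsset('lambdas-fns'),
    memorySize: 1024,
    role: lambdaARole,
  });

// Table the function deletes items from (Table is the DynamoDB Table construct
// from '@aws-cdk/aws-dynamodb').
// TODO: TableProps requires a partitionKey; supply one before synthesizing.
const tbl = new Table(this, 'TestTable', {})

// Least privilege: grant only DeleteItem on this one table, instead of attaching
// the AWS-managed AmazonDynamoDBFullAccess policy, which allows every DynamoDB
// action on every table in the account. grantWriteData would also cover
// DeleteItem (together with PutItem/UpdateItem/BatchWriteItem) if the handler
// needs those as well.
tbl.grant(deleteLambda, 'dynamodb:DeleteItem');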
现在我知道我可以使用 tbl.grantReadData
允许 lambda 从 table 读取项目,或使用 tbl.grantWriteData
允许 lambda 添加项目。但是我找不到允许删除项目的正确语法。
如果有人能指出我遗漏了什么,将不胜感激。
Granting permissions to resources
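const fn = new lambda.Function(this, 'Function', functionProps);
const table = new dynamodb.Table(this, 'Table', tableProps);
// grant() adds only the listed DynamoDB actions, scoped to this table's ARN, to
// the function's execution role — the least-privilege alternative to an
// account-wide managed policy. For a delete-only function that is just
// DeleteItem; list further actions (e.g. 'dynamodb:PutItem') only when the
// handler actually performs them.
table.grant(fn, 'dynamodb:DeleteItem');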
CDK workshop 中还有另一个完整示例(“Allow Lambda to read/write our DynamoDB table”):
import * as cdk from '@aws-cdk/core';
import * as lambda from '@aws-cdk/aws-lambda';
import * as dynamodb from '@aws-cdk/aws-dynamodb';
export interface HitCounterProps {
  /**
   * The function whose URL hits are counted. Its name is passed to the counter
   * handler through the DOWNSTREAM_FUNCTION_NAME environment variable.
   */
  downstream: lambda.Function;
}
/**
 * Construct that pairs a hit-counting Lambda with a DynamoDB table keyed on the
 * request path, in front of the "downstream" function named in the props.
 */
export class HitCounter extends cdk.Construct {
  /** The counter function, exposed so callers can wire it up. */
  public readonly handler: lambda.Function;

  constructor(scope: cdk.Construct, id: string, props: HitCounterProps) {
    super(scope, id);

    // One item per path; the partition key is the only schema the table declares.
    const hitsTable = new dynamodb.Table(this, 'Hits', {
      partitionKey: { name: 'path', type: dynamodb.AttributeType.STRING },
    });

    // Runtime configuration reaches the handler via environment variables.
    const handlerEnvironment = {
      DOWNSTREAM_FUNCTION_NAME: props.downstream.functionName,
      HITS_TABLE_NAME: hitsTable.tableName,
    };

    const counter = new lambda.Function(this, 'HitCounterHandler', {
      // NOTE(review): NODEJS_10_X is an end-of-life Lambda runtime — confirm/upgrade.
      runtime: lambda.Runtime.NODEJS_10_X,
      handler: 'hitcounter.handler',
      code: lambda.Code.fromAsset('lambda'),
      environment: handlerEnvironment,
    });

    // Read + write scoped to the hits table only (no account-wide DynamoDB policy).
    // NOTE(review): nothing here grants invoke on props.downstream; if the handler
    // calls it, that grant (downstream.grantInvoke) has to be added elsewhere.
    hitsTable.grantReadWriteData(counter);
    this.handler = counter;
  }
}
你好,我希望你能在这个问题上引导我朝着正确的方向前进。
我正在使用 Amazon Web Services 云开发工具包。
我想创建一个 Lambda 函数,用于从 DynamoDB table 中删除项目。
import * as lambda from '@aws-cdk/aws-lambda';
import * as iam from '@aws-cdk/aws-iam';
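// Explicit execution role for the function. Creating a role only has an effect
// if it is actually handed to the Function via the `role` prop — in the original
// listing the role was never attached, so the policy added to it did nothing for
// deleteLambda.
const lambdaARole = new iam.Role(this, 'LambdaRole', {
  assumedBy: new iam.ServicePrincipal('lambda.amazonaws.com'),
});

const deleteLambda = new lambda.Function(
  this,
  'deleteLambda',
  {
    functionName: 'deleteLambda',
    // NOTE(review): NODEJS_10_X is an end-of-life Lambda runtime; move to a
    // supported runtime once the CDK version in use offers it.
    runtime: lambda.Runtime.NODEJS_10_X,
    handler: 'deleteLambda.handler',
    code: lambda.Code.fromAsset('lambdas-fns'),
    memorySize: 1024,
    role: lambdaARole,
  });

// Table the function deletes items from (Table is the DynamoDB Table construct
// from '@aws-cdk/aws-dynamodb').
// TODO: TableProps requires a partitionKey; supply one before synthesizing.
const tbl = new Table(this, 'TestTable', {})

// Least privilege: grant only DeleteItem on this one table, instead of attaching
// the AWS-managed AmazonDynamoDBFullAccess policy, which allows every DynamoDB
// action on every table in the account. grantWriteData would also cover
// DeleteItem (together with PutItem/UpdateItem/BatchWriteItem) if the handler
// needs those as well.
tbl.grant(deleteLambda, 'dynamodb:DeleteItem');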
现在我知道我可以使用 tbl.grantReadData
允许 lambda 从 table 读取项目,或使用 tbl.grantWriteData
允许 lambda 添加项目。但是我找不到允许删除项目的正确语法。
如果有人能指出我遗漏了什么,将不胜感激。
Granting permissions to resources
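const fn = new lambda.Function(this, 'Function', functionProps);
const table = new dynamodb.Table(this, 'Table', tableProps);
// grant() adds only the listed DynamoDB actions, scoped to this table's ARN, to
// the function's execution role — the least-privilege alternative to an
// account-wide managed policy. For a delete-only function that is just
// DeleteItem; list further actions (e.g. 'dynamodb:PutItem') only when the
// handler actually performs them.
table.grant(fn, 'dynamodb:DeleteItem');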
CDK workshop 中还有另一个完整示例(“Allow Lambda to read/write our DynamoDB table”):
import * as cdk from '@aws-cdk/core';
import * as lambda from '@aws-cdk/aws-lambda';
import * as dynamodb from '@aws-cdk/aws-dynamodb';
export interface HitCounterProps {
  /**
   * The function whose URL hits are counted. Its name is passed to the counter
   * handler through the DOWNSTREAM_FUNCTION_NAME environment variable.
   */
  downstream: lambda.Function;
}
/**
 * Construct that pairs a hit-counting Lambda with a DynamoDB table keyed on the
 * request path, in front of the "downstream" function named in the props.
 */
export class HitCounter extends cdk.Construct {
  /** The counter function, exposed so callers can wire it up. */
  public readonly handler: lambda.Function;

  constructor(scope: cdk.Construct, id: string, props: HitCounterProps) {
    super(scope, id);

    // One item per path; the partition key is the only schema the table declares.
    const hitsTable = new dynamodb.Table(this, 'Hits', {
      partitionKey: { name: 'path', type: dynamodb.AttributeType.STRING },
    });

    // Runtime configuration reaches the handler via environment variables.
    const handlerEnvironment = {
      DOWNSTREAM_FUNCTION_NAME: props.downstream.functionName,
      HITS_TABLE_NAME: hitsTable.tableName,
    };

    const counter = new lambda.Function(this, 'HitCounterHandler', {
      // NOTE(review): NODEJS_10_X is an end-of-life Lambda runtime — confirm/upgrade.
      runtime: lambda.Runtime.NODEJS_10_X,
      handler: 'hitcounter.handler',
      code: lambda.Code.fromAsset('lambda'),
      environment: handlerEnvironment,
    });

    // Read + write scoped to the hits table only (no account-wide DynamoDB policy).
    // NOTE(review): nothing here grants invoke on props.downstream; if the handler
    // calls it, that grant (downstream.grantInvoke) has to be added elsewhere.
    hitsTable.grantReadWriteData(counter);
    this.handler = counter;
  }
}