search

aws / aws-cdk

The AWS Cloud Development Kit is a framework for defining cloud infrastructure in code
https://aws.amazon.com/cdk
Apache License 2.0
11.58k stars 3.88k forks source link

DynamoDb Global Table add grant_read/write methods #5516

Closed hleb-albau closed 4 years ago

hleb-albau commented 4 years ago

Many resources in aws cdk has feature like:

var resource = Resourse()
var lambda = Lambda()
resource.grantWrite(lambda)

Add same functionality to aws_cdk.aws_dynamodb_global construct.

Use Case

Multi-regions deployments becomes more popular over time. Currently, cdk users should create polices and roles to provide access to dynamo global tables. Introducing such feature can decries number of code to connect various aws services to dynamo.

Proposed Solution

Add grantRead, grantWrite method to aws_cdk.aws_dynamodb_global construct. Specified methods creates managed policy(only once) with required permissions. For each IGrantable creates and attaches role.

This is a :rocket: Feature Request

skinny85 commented 4 years ago

That's a great suggestion @hleb-albau , however, with the recent release of new global table support, the old one might get deprecated (see https://github.com/aws/aws-cdk/pull/5821 ), so I'm not sure it's wise to invest much in it (unless you have a reason you can't use the new support, and have to stay with the old one).

Thanks, Adam