Open jplock opened 1 year ago
Hi @jplock
Thank you for your feature request, and for posting a workaround. You are correct that we currently do not support DDB Transactions in the DynamoDB Encryption Client for Python. I will keep this issue open for any future updates we may have.
In your workaround, one thing that you will need to be careful of is including any UPDATE in your Transact Write. DDB UPDATE can lead to signature verification failures on future reads if you do not include all signed fields in the update. See our documentation here: https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/troubleshooting.html#change-data-model
Thanks @imabhichow for the feedback. In my use-case I'm not updating records, always overwriting with a Put
.
Problem:
Are not currently supported by the
EncryptionClient
and passed through to the underlying client.Solution:
Fully implement
transact_get_items()
andtransact_write_items()
in theEncryptionClient
Out of scope:
Is there anything the solution will intentionally NOT address? No
Workaround
I was able to implement the following workaround to encrypt one of the
Put
requests within my transaction: