eli-darkly
commented
2 years ago Hi. Sorry that this information seems not to have made it into the docs - we're working now on adding it to relevant pages. In the meantime, here are the answers:
- For a process to read from the DynamoDB table, it needs these permissions:
GetItem,Query - For a process to write to the DynamoDB table, it needs these permissions:
PutItem,UpdateItem,DeleteItem,BatchWriteItem,ConditionCheckItem
If you're not concerned with being very granular in your permissions, then you could use a wildcard of *Item and then add Query as well. The reason I broke it down this way into reading vs. writing is that depending on how you've deployed your various components and how you're using roles in AWS, you might or might not want to make a distinction between processes that can both read and write, and processes that can only read. For instance, if you're using the Relay Proxy to populate the database (which I'm guessing you are, because that's necessary for using Big Segments), and you've configured the Node SDK with useLdd: true so that it will get all its data from that database, and if they are running on different hosts that have different roles, then you could use read-only access for the role that's being used by the Node app; the Node SDK wouldn't be doing any writing in that scenario.
kinyoklion
Hi LaunchDarkly team,
Our team is so keen to know which DynamoDB permissions are required in our infrastructure in order to benefit from
feature storeandbig segmentsin Node SDK. Would you be able to elaborate on this or steer me to the right documents or more info, please?