https://serverless-stack.com/ logo
Join Slack
Powered by
Hi there! In my `StorageStack` I'm creating an sst...
# sst
b
Hi there! In my 
StorageStack
I'm creating an sst.Table construct that references an existing table, like so:
Copy code
this.myDataTable = new sst.Table(this, 'MyData', {
      dynamodbTable: dynamodb.Table.fromTableArn(this, 'MyDataTable', `arn:aws:dynamodb:${scope.region}:${scope.account}:table/${scope.stage}-my-data`)
    })
Then in my 
ApiStack
I'm granting the Api permissions, like so:
Copy code
this.api.attachPermissions([myDataTable])
All is well.. Hurray. But... If I want to query from a global secondary index, such as 
GSI0
, I get permission denied. Do I need to create an additional sst.Table construct pointing to that index? such as:
Copy code
this.myDataGSITable = new sst.Table(this, 'MyDataGSI', {
      dynamodbTable: dynamodb.Table.fromTableArn(this, 'MyDataTableGSI', `arn:aws:dynamodb:${scope.region}:${scope.account}:table/${scope.stage}-my-data/index/GSI0`)
    })
Or is there a more appropriate method to grant access to the API?
a
how are you specifying that this table has global secondary indexes?
d
Instead of 
fromTableArn
you need to use 
fromTableAttributes
and specify that the table has secondary indexes.
b
Aaaah!! That sounds promising! Thank you very much!
@Derek Kershner No joy so far. I modified my table definition in the 
StorageStack
to:
Copy code
this.myDataGSITable = new sst.Table(this, 'MyDataGSI', {
      dynamodbTable: dynamodb.Table.fromTableAttributes(this, 'MyDataTableGSI', {
tableArn: `arn:aws:dynamodb:${scope.region}:${scope.account}:table/${scope.stage}-my-data`),
globalIndexes: ['GSI0']
    }
d
You in JS? its got a shape…
maybe it doesnt, actually…
b
Seems to fit the description in the cdk docs, but still doesn't seem to apply the permissions.
d
pulling up a stack…one moment.
b
Thanks
d
our fromTableAttributes looks the same…
then I 
this.metadataDynamoTable.grantReadWriteData(postImagesLambda);
with it
this seems to give me access with no issues, and i have replicated this pattern many times
b
I'll try that. I was using this in my APIStack and massing the table ref in.
Copy code
this.api.attachPermissions([myDataTable])
d
not sure why attach permissions would work differently, but perhaps the SST gang will chime in
b
Ok.. so.. umm.. sometimes we overlook things. 🤦‍♂️ My actual implementation has a number of tables in it, so what I posted was a simplification. All the while I didn't notice that the table I was trying to read from wasn't even in my list of tables to add permission to.. So it works with what you gave me initially.. Thanks a bunch!
d
lol, it happens to everyone
3 Views
Open in Slack
PreviousNext
Powered by