👋 When adding a DynamoDB data source to an Ap...
# help
m
👋 When adding a DynamoDB data source to an AppSyncApi, under the covers a role is created that gives access to that particular table. Is there any way to add additional permissions to this role? In my case I have a request template that modifies multiple tables in a single transaction, so I need UpdateItem permissions added to the role for multiple tables.
f
Hey @Michael Wolfenden, try this
const api = new AppSyncApi(this, "Api", {
  ...,
  dataSources: {
    ds: { table: myTable },
  },
});

api.getDataSource("ds").grantPrincipal(...);
m
grantPrincipal doesn't exist on type BaseDataSource. I had to cast as DynamoDbDataSource, which is a bit gross, but it worked
const likesTableDS = appSyncApi.getDataSource(
  'likeMutation'
) as appsync.DynamoDbDataSource

invariant(likesTableDS)

likesTableDS.grantPrincipal.addToPrincipalPolicy(
  new iam.PolicyStatement({
    actions: ['dynamodb:UpdateItem'],
    effect: iam.Effect.ALLOW,
    resources: [usersTable.tableArn, tweetsTable.tableArn],
  })
)
Would be nice to allow multiple tables in a data source
dataSources: {
  likeMutation: { tables: [likesTable, usersTable, tweetsTable] }
}
Thanks for your help though... much appreciated