npm - @exabugs/dynamodb-client - Versions diffs - 0.1.0 - Mend

@exabugs/dynamodb-client 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (230) hide show

package/CHANGELOG.md +41 -0
package/LICENSE +21 -0
package/README.md +283 -0
package/dist/client/Collection.d.ts +57 -0
package/dist/client/Collection.d.ts.map +1 -0
package/dist/client/Collection.js +174 -0
package/dist/client/Collection.js.map +1 -0
package/dist/client/Database.d.ts +35 -0
package/dist/client/Database.d.ts.map +1 -0
package/dist/client/Database.js +48 -0
package/dist/client/Database.js.map +1 -0
package/dist/client/DynamoClient.d.ts +43 -0
package/dist/client/DynamoClient.d.ts.map +1 -0
package/dist/client/DynamoClient.js +62 -0
package/dist/client/DynamoClient.js.map +1 -0
package/dist/client/FindCursor.d.ts +174 -0
package/dist/client/FindCursor.d.ts.map +1 -0
package/dist/client/FindCursor.js +256 -0
package/dist/client/FindCursor.js.map +1 -0
package/dist/client/aws-sigv4.d.ts +10 -0
package/dist/client/aws-sigv4.d.ts.map +1 -0
package/dist/client/aws-sigv4.js +54 -0
package/dist/client/aws-sigv4.js.map +1 -0
package/dist/client/index.cognito.d.ts +34 -0
package/dist/client/index.cognito.d.ts.map +1 -0
package/dist/client/index.cognito.js +30 -0
package/dist/client/index.cognito.js.map +1 -0
package/dist/client/index.d.ts +12 -0
package/dist/client/index.d.ts.map +1 -0
package/dist/client/index.iam.d.ts +34 -0
package/dist/client/index.iam.d.ts.map +1 -0
package/dist/client/index.iam.js +28 -0
package/dist/client/index.iam.js.map +1 -0
package/dist/client/index.js +12 -0
package/dist/client/index.js.map +1 -0
package/dist/client/index.token.d.ts +33 -0
package/dist/client/index.token.d.ts.map +1 -0
package/dist/client/index.token.js +28 -0
package/dist/client/index.token.js.map +1 -0
package/dist/dynamodb.d.ts +20 -0
package/dist/dynamodb.d.ts.map +1 -0
package/dist/dynamodb.js +31 -0
package/dist/dynamodb.js.map +1 -0
package/dist/errors.d.ts +100 -0
package/dist/errors.d.ts.map +1 -0
package/dist/errors.js +146 -0
package/dist/errors.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +7 -0
package/dist/index.js.map +1 -0
package/dist/integrations/react-admin/dataProvider.d.ts +59 -0
package/dist/integrations/react-admin/dataProvider.d.ts.map +1 -0
package/dist/integrations/react-admin/dataProvider.js +364 -0
package/dist/integrations/react-admin/dataProvider.js.map +1 -0
package/dist/integrations/react-admin/index.d.ts +24 -0
package/dist/integrations/react-admin/index.d.ts.map +1 -0
package/dist/integrations/react-admin/index.js +23 -0
package/dist/integrations/react-admin/index.js.map +1 -0
package/dist/integrations/react-admin/types.d.ts +47 -0
package/dist/integrations/react-admin/types.d.ts.map +1 -0
package/dist/integrations/react-admin/types.js +5 -0
package/dist/integrations/react-admin/types.js.map +1 -0
package/dist/logger.d.ts +61 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +87 -0
package/dist/logger.js.map +1 -0
package/dist/scripts/repair-shadows.d.ts +3 -0
package/dist/scripts/repair-shadows.d.ts.map +1 -0
package/dist/scripts/repair-shadows.js +190 -0
package/dist/scripts/repair-shadows.js.map +1 -0
package/dist/server/handler.cjs +31378 -0
package/dist/server/handler.cjs.map +7 -0
package/dist/server/handler.d.ts +18 -0
package/dist/server/handler.d.ts.map +1 -0
package/dist/server/handler.js +435 -0
package/dist/server/handler.js.map +1 -0
package/dist/server/handler.zip +0 -0
package/dist/server/index.d.ts +8 -0
package/dist/server/index.d.ts.map +1 -0
package/dist/server/index.js +8 -0
package/dist/server/index.js.map +1 -0
package/dist/server/operations/deleteMany.d.ts +18 -0
package/dist/server/operations/deleteMany.d.ts.map +1 -0
package/dist/server/operations/deleteMany.js +222 -0
package/dist/server/operations/deleteMany.js.map +1 -0
package/dist/server/operations/deleteOne.d.ts +17 -0
package/dist/server/operations/deleteOne.d.ts.map +1 -0
package/dist/server/operations/deleteOne.js +87 -0
package/dist/server/operations/deleteOne.js.map +1 -0
package/dist/server/operations/find.d.ts +18 -0
package/dist/server/operations/find.d.ts.map +1 -0
package/dist/server/operations/find.js +382 -0
package/dist/server/operations/find.js.map +1 -0
package/dist/server/operations/findMany.d.ts +13 -0
package/dist/server/operations/findMany.d.ts.map +1 -0
package/dist/server/operations/findMany.js +61 -0
package/dist/server/operations/findMany.js.map +1 -0
package/dist/server/operations/findManyReference.d.ts +18 -0
package/dist/server/operations/findManyReference.d.ts.map +1 -0
package/dist/server/operations/findManyReference.js +150 -0
package/dist/server/operations/findManyReference.js.map +1 -0
package/dist/server/operations/findOne.d.ts +14 -0
package/dist/server/operations/findOne.d.ts.map +1 -0
package/dist/server/operations/findOne.js +56 -0
package/dist/server/operations/findOne.js.map +1 -0
package/dist/server/operations/insertMany.d.ts +19 -0
package/dist/server/operations/insertMany.d.ts.map +1 -0
package/dist/server/operations/insertMany.js +243 -0
package/dist/server/operations/insertMany.js.map +1 -0
package/dist/server/operations/insertOne.d.ts +18 -0
package/dist/server/operations/insertOne.d.ts.map +1 -0
package/dist/server/operations/insertOne.js +85 -0
package/dist/server/operations/insertOne.js.map +1 -0
package/dist/server/operations/updateMany.d.ts +20 -0
package/dist/server/operations/updateMany.d.ts.map +1 -0
package/dist/server/operations/updateMany.js +316 -0
package/dist/server/operations/updateMany.js.map +1 -0
package/dist/server/operations/updateOne.d.ts +20 -0
package/dist/server/operations/updateOne.d.ts.map +1 -0
package/dist/server/operations/updateOne.js +159 -0
package/dist/server/operations/updateOne.js.map +1 -0
package/dist/server/query/converter.d.ts +85 -0
package/dist/server/query/converter.d.ts.map +1 -0
package/dist/server/query/converter.js +161 -0
package/dist/server/query/converter.js.map +1 -0
package/dist/server/query/index.d.ts +5 -0
package/dist/server/query/index.d.ts.map +1 -0
package/dist/server/query/index.js +5 -0
package/dist/server/query/index.js.map +1 -0
package/dist/server/shadow/config.d.ts +147 -0
package/dist/server/shadow/config.d.ts.map +1 -0
package/dist/server/shadow/config.js +162 -0
package/dist/server/shadow/config.js.map +1 -0
package/dist/server/shadow/differ.d.ts +42 -0
package/dist/server/shadow/differ.d.ts.map +1 -0
package/dist/server/shadow/differ.js +66 -0
package/dist/server/shadow/differ.js.map +1 -0
package/dist/server/shadow/generator.d.ts +104 -0
package/dist/server/shadow/generator.d.ts.map +1 -0
package/dist/server/shadow/generator.js +148 -0
package/dist/server/shadow/generator.js.map +1 -0
package/dist/server/shadow/index.d.ts +11 -0
package/dist/server/shadow/index.d.ts.map +1 -0
package/dist/server/shadow/index.js +11 -0
package/dist/server/shadow/index.js.map +1 -0
package/dist/server/shadow/types.d.ts +44 -0
package/dist/server/shadow/types.d.ts.map +1 -0
package/dist/server/shadow/types.js +2 -0
package/dist/server/shadow/types.js.map +1 -0
package/dist/server/types.d.ts +295 -0
package/dist/server/types.d.ts.map +1 -0
package/dist/server/types.js +7 -0
package/dist/server/types.js.map +1 -0
package/dist/server/utils/auth.d.ts +43 -0
package/dist/server/utils/auth.d.ts.map +1 -0
package/dist/server/utils/auth.js +123 -0
package/dist/server/utils/auth.js.map +1 -0
package/dist/server/utils/bulkOperations.d.ts +81 -0
package/dist/server/utils/bulkOperations.d.ts.map +1 -0
package/dist/server/utils/bulkOperations.js +147 -0
package/dist/server/utils/bulkOperations.js.map +1 -0
package/dist/server/utils/chunking.d.ts +96 -0
package/dist/server/utils/chunking.d.ts.map +1 -0
package/dist/server/utils/chunking.js +225 -0
package/dist/server/utils/chunking.js.map +1 -0
package/dist/server/utils/dynamodb.d.ts +41 -0
package/dist/server/utils/dynamodb.d.ts.map +1 -0
package/dist/server/utils/dynamodb.js +83 -0
package/dist/server/utils/dynamodb.js.map +1 -0
package/dist/server/utils/filter.d.ts +152 -0
package/dist/server/utils/filter.d.ts.map +1 -0
package/dist/server/utils/filter.js +270 -0
package/dist/server/utils/filter.js.map +1 -0
package/dist/server/utils/pagination.d.ts +27 -0
package/dist/server/utils/pagination.d.ts.map +1 -0
package/dist/server/utils/pagination.js +56 -0
package/dist/server/utils/pagination.js.map +1 -0
package/dist/server/utils/timestamps.d.ts +31 -0
package/dist/server/utils/timestamps.d.ts.map +1 -0
package/dist/server/utils/timestamps.js +84 -0
package/dist/server/utils/timestamps.js.map +1 -0
package/dist/server/utils/ttl.d.ts +17 -0
package/dist/server/utils/ttl.d.ts.map +1 -0
package/dist/server/utils/ttl.js +62 -0
package/dist/server/utils/ttl.js.map +1 -0
package/dist/server/utils/validation.d.ts +40 -0
package/dist/server/utils/validation.d.ts.map +1 -0
package/dist/server/utils/validation.js +54 -0
package/dist/server/utils/validation.js.map +1 -0
package/dist/shadows/config.d.ts +54 -0
package/dist/shadows/config.d.ts.map +1 -0
package/dist/shadows/config.js +95 -0
package/dist/shadows/config.js.map +1 -0
package/dist/shadows/differ.d.ts +42 -0
package/dist/shadows/differ.d.ts.map +1 -0
package/dist/shadows/differ.js +66 -0
package/dist/shadows/differ.js.map +1 -0
package/dist/shadows/generator.d.ts +63 -0
package/dist/shadows/generator.d.ts.map +1 -0
package/dist/shadows/generator.js +107 -0
package/dist/shadows/generator.js.map +1 -0
package/dist/shadows/index.d.ts +15 -0
package/dist/shadows/index.d.ts.map +1 -0
package/dist/shadows/index.js +17 -0
package/dist/shadows/index.js.map +1 -0
package/dist/shadows/types.d.ts +44 -0
package/dist/shadows/types.d.ts.map +1 -0
package/dist/shadows/types.js +2 -0
package/dist/shadows/types.js.map +1 -0
package/dist/types.d.ts +165 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +2 -0
package/dist/types.js.map +1 -0
package/dist/ulid.d.ts +46 -0
package/dist/ulid.d.ts.map +1 -0
package/dist/ulid.js +66 -0
package/dist/ulid.js.map +1 -0
package/package.json +136 -0
package/terraform/README.md +222 -0
package/terraform/examples/advanced/README.md +129 -0
package/terraform/examples/advanced/main.tf +158 -0
package/terraform/examples/advanced/shadow.config.json +35 -0
package/terraform/examples/advanced/variables.tf +28 -0
package/terraform/examples/basic/README.md +53 -0
package/terraform/examples/basic/main.tf +99 -0
package/terraform/examples/basic/variables.tf +17 -0
package/terraform/main.tf +159 -0
package/terraform/outputs.tf +56 -0
package/terraform/variables.tf +59 -0

package/terraform/examples/advanced/README.md ADDED Viewed

@@ -0,0 +1,129 @@
+# Advanced Example
+This example demonstrates an advanced deployment with:
+- Multi-environment support (dev/stg/prd)
+- External shadow configuration file
+- CloudWatch Alarms
+- TTL configuration
+- Point-in-time Recovery (production only)
+- MFA configuration (production only)
+- Environment-specific settings
+## What This Example Creates
+- DynamoDB table with TTL and PITR
+- Cognito User Pool with advanced security settings
+- Cognito App Client with token validity configuration
+- Records Lambda function with Function URL
+- CloudWatch Alarms for error monitoring
+- IAM roles and policies
+- CloudWatch Logs
+## Usage
+1. Review and customize `shadow.config.json`:
+```bash
+cat shadow.config.json
+```
+2. Initialize Terraform:
+```bash
+terraform init
+```
+3. Review the plan:
+```bash
+terraform plan -var="environment=dev"
+```
+4. Apply the configuration:
+```bash
+terraform apply -var="environment=dev"
+```
+5. Get the outputs:
+```bash
+terraform output
+```
+## Environment-Specific Settings
+### Development (dev)
+- Log retention: 7 days
+- Log level: debug
+- MFA: Optional
+- PITR: Disabled
+### Staging (stg)
+- Log retention: 7 days
+- Log level: info
+- MFA: Optional
+- PITR: Disabled
+### Production (prd)
+- Log retention: 30 days
+- Log level: warn
+- MFA: Required
+- PITR: Enabled
+## Shadow Configuration
+The `shadow.config.json` file defines sortable fields for each resource:
+```json
+{
+  "$schemaVersion": "1.0",
+  "resources": {
+    "articles": {
+      "sortDefaults": {
+        "field": "updatedAt",
+        "order": "DESC"
+      },
+      "shadows": {
+        "title": { "type": "string" },
+        "status": { "type": "string" },
+        "publishedAt": { "type": "datetime" },
+        "createdAt": { "type": "datetime" },
+        "updatedAt": { "type": "datetime" }
+      }
+    }
+  }
+}
+```
+## CloudWatch Alarms
+The example includes a CloudWatch Alarm that triggers when:
+- Lambda function errors exceed 10 in a 5-minute period
+To receive notifications, provide an SNS topic ARN:
+```bash
+terraform apply -var="sns_topic_arn=arn:aws:sns:us-east-1:123456789012:alerts"
+```
+## Clean Up
+To destroy all resources:
+```bash
+terraform destroy
+```
+## Customization
+You can customize the deployment by modifying variables:
+```bash
+terraform apply \
+  -var="project_name=my-app" \
+  -var="environment=prd" \
+  -var="region=ap-northeast-1" \
+  -var="sns_topic_arn=arn:aws:sns:..."
+```

package/terraform/examples/advanced/main.tf ADDED Viewed

@@ -0,0 +1,158 @@
+# Advanced Example: Multi-Environment with External Shadow Config
+terraform {
+  required_version = ">= 1.5.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+provider "aws" {
+  region = var.region
+}
+# DynamoDB Table with TTL
+resource "aws_dynamodb_table" "main" {
+  name         = "${var.project_name}-${var.environment}-records"
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "PK"
+  range_key    = "SK"
+  attribute {
+    name = "PK"
+    type = "S"
+  }
+  attribute {
+    name = "SK"
+    type = "S"
+  }
+  # TTL Configuration
+  ttl {
+    attribute_name = "ttl"
+    enabled        = true
+  }
+  # Point-in-time Recovery
+  point_in_time_recovery {
+    enabled = var.environment == "prd"
+  }
+  tags = {
+    Name        = "${var.project_name}-${var.environment}-records"
+    Environment = var.environment
+  }
+}
+# Cognito User Pool with Advanced Settings
+resource "aws_cognito_user_pool" "main" {
+  name = "${var.project_name}-${var.environment}-users"
+  # Password Policy
+  password_policy {
+    minimum_length    = 8
+    require_lowercase = true
+    require_numbers   = true
+    require_symbols   = true
+    require_uppercase = true
+  }
+  # MFA Configuration
+  mfa_configuration = var.environment == "prd" ? "REQUIRED" : "OPTIONAL"
+  tags = {
+    Name        = "${var.project_name}-${var.environment}-users"
+    Environment = var.environment
+  }
+}
+# Cognito App Client
+resource "aws_cognito_user_pool_client" "main" {
+  name         = "${var.project_name}-${var.environment}-client"
+  user_pool_id = aws_cognito_user_pool.main.id
+  explicit_auth_flows = [
+    "ALLOW_USER_SRP_AUTH",
+    "ALLOW_REFRESH_TOKEN_AUTH"
+  ]
+  # Token Validity
+  access_token_validity  = 1  # 1 hour
+  id_token_validity      = 1  # 1 hour
+  refresh_token_validity = 30 # 30 days
+  token_validity_units {
+    access_token  = "hours"
+    id_token      = "hours"
+    refresh_token = "days"
+  }
+}
+# Records Lambda Module with External Config
+module "lambda_records" {
+  source = "../../"
+  project_name = var.project_name
+  environment  = var.environment
+  region       = var.region
+  # DynamoDB
+  dynamodb_table_name = aws_dynamodb_table.main.name
+  dynamodb_table_arn  = aws_dynamodb_table.main.arn
+  # Cognito
+  cognito_user_pool_id = aws_cognito_user_pool.main.id
+  cognito_client_id    = aws_cognito_user_pool_client.main.id
+  # Shadow Config from External File
+  shadow_config = base64encode(file("${path.module}/shadow.config.json"))
+  # Logging (environment-specific)
+  log_retention_days = var.environment == "prd" ? 30 : 7
+  log_level          = var.environment == "prd" ? "warn" : "debug"
+}
+# CloudWatch Alarm for Lambda Errors
+resource "aws_cloudwatch_metric_alarm" "lambda_errors" {
+  alarm_name          = "${var.project_name}-${var.environment}-lambda-errors"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 1
+  metric_name         = "Errors"
+  namespace           = "AWS/Lambda"
+  period              = 300
+  statistic           = "Sum"
+  threshold           = 10
+  alarm_description   = "Lambda function error rate is too high"
+  dimensions = {
+    FunctionName = module.lambda_records.function_name
+  }
+  alarm_actions = var.sns_topic_arn != "" ? [var.sns_topic_arn] : []
+}
+# Outputs
+output "function_url" {
+  description = "Lambda Function URL"
+  value       = module.lambda_records.function_url
+}
+output "function_name" {
+  description = "Lambda Function Name"
+  value       = module.lambda_records.function_name
+}
+output "cognito_user_pool_id" {
+  description = "Cognito User Pool ID"
+  value       = aws_cognito_user_pool.main.id
+}
+output "cognito_client_id" {
+  description = "Cognito App Client ID"
+  value       = aws_cognito_user_pool_client.main.id
+}

package/terraform/examples/advanced/shadow.config.json ADDED Viewed

@@ -0,0 +1,35 @@
+{
+  "$schemaVersion": "1.0",
+  "resources": {
+    "articles": {
+      "sortDefaults": {
+        "field": "updatedAt",
+        "order": "DESC"
+      },
+      "shadows": {
+        "title": { "type": "string" },
+        "status": { "type": "string" },
+        "publishedAt": { "type": "datetime" },
+        "createdAt": { "type": "datetime" },
+        "updatedAt": { "type": "datetime" }
+      },
+      "ttl": {
+        "days": 90
+      }
+    },
+    "tasks": {
+      "sortDefaults": {
+        "field": "priority",
+        "order": "DESC"
+      },
+      "shadows": {
+        "title": { "type": "string" },
+        "status": { "type": "string" },
+        "priority": { "type": "number" },
+        "dueDate": { "type": "datetime" },
+        "createdAt": { "type": "datetime" },
+        "updatedAt": { "type": "datetime" }
+      }
+    }
+  }
+}

package/terraform/examples/advanced/variables.tf ADDED Viewed

@@ -0,0 +1,28 @@
+variable "project_name" {
+  description = "Project name"
+  type        = string
+  default     = "my-project"
+}
+variable "environment" {
+  description = "Environment (dev/stg/prd)"
+  type        = string
+  default     = "dev"
+  validation {
+    condition     = contains(["dev", "stg", "prd"], var.environment)
+    error_message = "Environment must be dev, stg, or prd."
+  }
+}
+variable "region" {
+  description = "AWS Region"
+  type        = string
+  default     = "us-east-1"
+}
+variable "sns_topic_arn" {
+  description = "SNS Topic ARN for CloudWatch Alarms (optional)"
+  type        = string
+  default     = ""
+}

package/terraform/examples/basic/README.md ADDED Viewed

@@ -0,0 +1,53 @@
+# Basic Example
+This example demonstrates a basic deployment of the DynamoDB Client Lambda function with minimal configuration.
+## What This Example Creates
+- DynamoDB table (Single-Table design)
+- Cognito User Pool (for authentication)
+- Records Lambda function with Function URL
+- IAM roles and policies
+- CloudWatch Logs
+## Usage
+1. Initialize Terraform:
+```bash
+terraform init
+```
+2. Review the plan:
+```bash
+terraform plan
+```
+3. Apply the configuration:
+```bash
+terraform apply
+```
+4. Get the Function URL:
+```bash
+terraform output function_url
+```
+## Clean Up
+To destroy all resources:
+```bash
+terraform destroy
+```
+## Customization
+You can customize the deployment by modifying `variables.tf` or passing variables:
+```bash
+terraform apply -var="project_name=my-app" -var="environment=prod"
+```

package/terraform/examples/basic/main.tf ADDED Viewed

@@ -0,0 +1,99 @@
+# Basic Example: DynamoDB Client Lambda Deployment
+terraform {
+  required_version = ">= 1.5.0"
+  required_providers {
+    aws = {
+      source  = "hashicorp/aws"
+      version = "~> 5.0"
+    }
+  }
+}
+provider "aws" {
+  region = var.region
+}
+# DynamoDB Table
+resource "aws_dynamodb_table" "main" {
+  name         = "${var.project_name}-${var.environment}-records"
+  billing_mode = "PAY_PER_REQUEST"
+  hash_key     = "PK"
+  range_key    = "SK"
+  attribute {
+    name = "PK"
+    type = "S"
+  }
+  attribute {
+    name = "SK"
+    type = "S"
+  }
+  tags = {
+    Name        = "${var.project_name}-${var.environment}-records"
+    Environment = var.environment
+  }
+}
+# Cognito User Pool
+resource "aws_cognito_user_pool" "main" {
+  name = "${var.project_name}-${var.environment}-users"
+  tags = {
+    Name        = "${var.project_name}-${var.environment}-users"
+    Environment = var.environment
+  }
+}
+# Records Lambda Module
+module "lambda_records" {
+  source = "../../"
+  project_name = var.project_name
+  environment  = var.environment
+  region       = var.region
+  # DynamoDB
+  dynamodb_table_name = aws_dynamodb_table.main.name
+  dynamodb_table_arn  = aws_dynamodb_table.main.arn
+  # Cognito
+  cognito_user_pool_id = aws_cognito_user_pool.main.id
+  # Shadow Config
+  shadow_config = base64encode(jsonencode({
+    "$schemaVersion" = "1.0"
+    resources = {
+      articles = {
+        sortDefaults = {
+          field = "updatedAt"
+          order = "DESC"
+        }
+        shadows = {
+          title     = { type = "string" }
+          status    = { type = "string" }
+          createdAt = { type = "datetime" }
+          updatedAt = { type = "datetime" }
+        }
+      }
+    }
+  }))
+  # Logging
+  log_retention_days = 7
+  log_level          = "info"
+}
+# Outputs
+output "function_url" {
+  description = "Lambda Function URL"
+  value       = module.lambda_records.function_url
+}
+output "function_name" {
+  description = "Lambda Function Name"
+  value       = module.lambda_records.function_name
+}

package/terraform/examples/basic/variables.tf ADDED Viewed

@@ -0,0 +1,17 @@
+variable "project_name" {
+  description = "Project name"
+  type        = string
+  default     = "my-project"
+}
+variable "environment" {
+  description = "Environment (dev/stg/prd)"
+  type        = string
+  default     = "dev"
+}
+variable "region" {
+  description = "AWS Region"
+  type        = string
+  default     = "us-east-1"
+}

package/terraform/main.tf ADDED Viewed

@@ -0,0 +1,159 @@
+# Records Lambda関数モジュール
+# Records Lambda専用IAMロール
+# 最小権限の原則に従い、DynamoDBとCloudWatch Logsのみにアクセス可能
+resource "aws_iam_role" "lambda_records" {
+  name = "${var.project_name}-${var.environment}-records-lambda-role"
+  assume_role_policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Principal = {
+          Service = "lambda.amazonaws.com"
+        }
+      }
+    ]
+  })
+  tags = {
+    Name        = "${var.project_name}-${var.environment}-records-lambda-role"
+    Environment = var.environment
+    ManagedBy   = "terraform"
+    Purpose     = "records-lambda"
+  }
+}
+# AWSマネージドポリシー: CloudWatch Logs
+resource "aws_iam_role_policy_attachment" "records_basic_execution" {
+  role       = aws_iam_role.lambda_records.name
+  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole"
+}
+# AWSマネージドポリシー: X-Ray
+resource "aws_iam_role_policy_attachment" "records_xray" {
+  role       = aws_iam_role.lambda_records.name
+  policy_arn = "arn:aws:iam::aws:policy/AWSXRayDaemonWriteAccess"
+}
+# カスタムインラインポリシー: DynamoDBアクセス
+# Records Lambdaは特定テーブルへの読み書きのみ可能
+resource "aws_iam_role_policy" "records_dynamodb" {
+  name = "dynamodb-access"
+  role = aws_iam_role.lambda_records.id
+  policy = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Effect = "Allow"
+        Action = [
+          "dynamodb:GetItem",
+          "dynamodb:PutItem",
+          "dynamodb:UpdateItem",
+          "dynamodb:DeleteItem",
+          "dynamodb:Query",
+          "dynamodb:Scan",
+          "dynamodb:BatchGetItem",
+          "dynamodb:TransactWriteItems"
+        ]
+        Resource = var.dynamodb_table_arn
+      }
+    ]
+  })
+}
+# CloudWatch Logsロググループ
+resource "aws_cloudwatch_log_group" "lambda_records" {
+  name              = "/aws/lambda/${var.project_name}-${var.environment}-records"
+  retention_in_days = var.log_retention_days
+  tags = {
+    Name = "${var.project_name}-${var.environment}-records-logs"
+  }
+}
+# Lambda関数のZIPファイルを作成
+data "archive_file" "lambda_records" {
+  type        = "zip"
+  source_file = "${path.module}/../dist/server/handler.cjs"
+  output_path = "${path.module}/../dist/server/handler.zip"
+}
+# Lambda関数
+resource "aws_lambda_function" "records" {
+  function_name = "${var.project_name}-${var.environment}-records"
+  description   = "Records Lambda - CRUD operations with shadow management"
+  role          = aws_iam_role.lambda_records.arn
+  # ビルド成果物
+  filename         = data.archive_file.lambda_records.output_path
+  source_code_hash = "${data.archive_file.lambda_records.output_base64sha256}-${base64sha256(var.shadow_config)}"
+  # ランタイム設定
+  runtime       = "nodejs22.x"
+  architectures = ["arm64"]
+  handler       = "handler.handler"
+  # パフォーマンス設定
+  timeout     = 30
+  memory_size = 512
+  # 環境変数
+  environment {
+    variables = {
+      ENV                  = var.environment
+      REGION               = var.region
+      TABLE_NAME           = var.dynamodb_table_name
+      COGNITO_USER_POOL_ID = var.cognito_user_pool_id
+      COGNITO_CLIENT_ID    = var.cognito_client_id
+      COGNITO_REGION       = var.region
+      SHADOW_CONFIG        = var.shadow_config
+      LOG_LEVEL            = var.log_level
+    }
+  }
+  # X-Ray有効化
+  tracing_config {
+    mode = "Active"
+  }
+  # CloudWatch Logsへの依存関係を明示
+  depends_on = [
+    aws_cloudwatch_log_group.lambda_records,
+    aws_iam_role_policy.records_dynamodb
+  ]
+  tags = {
+    Name = "${var.project_name}-${var.environment}-records"
+  }
+}
+# Lambda Function URL
+resource "aws_lambda_function_url" "records" {
+  function_name      = aws_lambda_function.records.function_name
+  authorization_type = "NONE" # JWT検証はLambda内で実施
+  # CORS設定
+  cors {
+    allow_origins     = ["*"]
+    allow_methods     = ["POST"]
+    allow_headers     = ["content-type", "authorization", "x-amz-date", "x-api-key", "x-amz-security-token"]
+    expose_headers    = ["content-type", "x-amzn-requestid"]
+    allow_credentials = false
+    max_age           = 86400 # 24時間
+  }
+  depends_on = [aws_lambda_function.records]
+}
+# Lambda Function URLのリソースベースポリシー
+resource "aws_lambda_permission" "function_url" {
+  statement_id           = "AllowFunctionURLInvoke"
+  action                 = "lambda:InvokeFunctionUrl"
+  function_name          = aws_lambda_function.records.function_name
+  principal              = "*"
+  function_url_auth_type = "NONE"
+}