@exabugs/dynamodb-client 0.5.0 → 0.6.1

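--- a/package/README.md
+++ b/package/README.md
@@ -265,6 +265,77 @@ See the [example project's documentation](https://github.com/exabugs/dynamodb-cl
 
 ---
 
+## 🔧 Configuration Management
+
+### Parameter Store Integration
+
+The library supports AWS Parameter Store for flexible configuration management, eliminating the need for Terraform outputs in application code.
+
+#### Parameter Structure
+
+Parameters are organized hierarchically:
+
+```
+/{project_name}/{environment}/
+├── app/
+│ ├── records-api-url # Lambda Function URL
+│ └── admin-ui/
+│ ├── cognito-user-pool-id
+│ ├── cognito-client-id
+│ └── cognito-domain
+├── infra/
+│ └── dynamodb-table-name
+└── lambda/
+└── records-function-arn
+```
+
+#### Benefits
+
+- **🔄 Dynamic Configuration**: Update settings without redeployment
+- **🔐 Secure Storage**: All parameters encrypted with AWS managed KMS keys
+- **💰 Cost Effective**: Standard tier is free for typical usage
+- **📊 Audit Trail**: Complete change history via CloudTrail
+- **🎯 Environment Separation**: Clear dev/stg/prd isolation
+
+#### Usage in Applications
+
+**React Admin UI**:
+
+```typescript
+// Read configuration from Parameter Store
+const config = await getParametersByPath(`/${PROJECT_NAME}/${ENV}/app/admin-ui/`);
+
+const cognitoConfig = {
+userPoolId: config['cognito-user-pool-id'],
+clientId: config['cognito-client-id'],
+domain: config['cognito-domain'],
+};
+```
+
+**Lambda Functions**:
+
+```typescript
+// Read specific parameters
+const recordsApiUrl = await getParameter(`/${PROJECT_NAME}/${ENV}/app/records-api-url`);
+```
+
+#### IAM Permissions
+
+The Terraform module automatically creates appropriate IAM policies:
+
+- **Admin UI**: Read access to `/app/admin-ui/*` parameters
+- **Fetch Lambda**: Read access to specific required parameters
+- **Minimal Permissions**: Following least privilege principle
+
+#### Migration from Terraform Outputs
+
+1. **Deploy Parameter Store module** (included in v0.6.0+)
+2. **Update application code** to read from Parameter Store
+3. **Remove Terraform output dependencies**
+4. **Enjoy flexible configuration management**
+
+---
+
 ## 🔧 Shadow Configuration
 
 ### Overview
@@ -273,12 +344,12 @@ The shadow feature automatically makes all fields sortable without requiring JSO
 
 ### Environment Variables
 
-| Variable | Default | Description |
-|----------|---------|-------------|
-| `SHADOW_CREATED_AT_FIELD` | `createdAt` | Field name for creation timestamp |
-| `SHADOW_UPDATED_AT_FIELD` | `updatedAt` | Field name for update timestamp |
-| `SHADOW_STRING_MAX_BYTES` | `100` | Max bytes for primitive types (array/object use 2x) |
-| `SHADOW_NUMBER_PADDING` | `15` | Padding digits for numbers |
+| Variable | Default | Description |
+| ------------------------- | ----------- | --------------------------------------------------- |
+| `SHADOW_CREATED_AT_FIELD` | `createdAt` | Field name for creation timestamp |
+| `SHADOW_UPDATED_AT_FIELD` | `updatedAt` | Field name for update timestamp |
+| `SHADOW_STRING_MAX_BYTES` | `100` | Max bytes for primitive types (array/object use 2x) |
+| `SHADOW_NUMBER_PADDING` | `15` | Padding digits for numbers |
 
 ### Supported Types
 
@@ -300,7 +371,7 @@ const record = {
 viewCount: 123,
 published: true,
 tags: ['tech', 'aws'],
-metadata: { category: 'tech' }
+metadata: { category: 'tech' },
 };
 
 // Automatically generates shadow records: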
@@ -1,5 +1,5 @@
1
- // @exabugs/dynamodb-client v0.5.0
2
- // Built: 2025-12-23T05:07:58.552Z
1
+ // @exabugs/dynamodb-client v0.6.1
2
+ // Built: 2025-12-27T04:48:12.419Z
3
3
  "use strict";
4
4
  var __create = Object.create;
5
5
  var __defProp = Object.defineProperty;
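--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@exabugs/dynamodb-client",
-"version": "0.5.0",
+"version": "0.6.1",
 "description": "DynamoDB Single-Table Client SDK with MongoDB-like API, Shadow Records, and Lambda implementation for serverless applications",
 "author": "exabugs",
 "license": "MIT",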
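--- a/package/terraform/main.tf
+++ b/package/terraform/main.tf
@@ -161,3 +161,29 @@ resource "aws_lambda_permission" "function_url" {
 principal = "*"
 function_url_auth_type = "NONE"
 }
+# Parameter Store モジュール
+module "parameter_store" {
+source = "./modules/parameter-store"
+
+# 基本設定
+project_name = var.project_name
+environment = var.environment
+region = var.region
+
+# Records Lambda設定
+records_function_url = aws_lambda_function_url.records.function_url
+records_function_arn = aws_lambda_function.records.arn
+
+# Cognito設定
+cognito_user_pool_id = var.cognito_user_pool_id
+cognito_admin_ui_client_id = var.cognito_admin_ui_client_id
+cognito_user_pool_domain = var.cognito_user_pool_domain
+
+# DynamoDB設定
+dynamodb_table_name = var.dynamodb_table_name
+
+depends_on = [
+aws_lambda_function.records,
+aws_lambda_function_url.records
+]
+}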
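Review bot: The Cognito and DynamoDB inputs in the `module "parameter_store"` block are forwarded with no guarantee that they are non-empty. The later variables.tf hunk shows a neighbouring root variable ending in `default = ""`; if `cognito_user_pool_id` or `dynamodb_table_name` can be empty too (their declarations are not visible on this page), the module will try to create SSM parameters with an empty `value`, which the SSM API rejects, and a `cognito-domain` value that begins with `.auth.`. A `validation` block on each forwarded root variable, for example `condition = length(var.cognito_user_pool_id) > 0`, would fail at plan time with a clear message instead. The `depends_on` list is also redundant, because both resources are already referenced by `records_function_url` and `records_function_arn`.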
@@ -0,0 +1,129 @@
1
+ # Parameter Store Terraform Module
2
+
3
+ AWS Parameter Storeを使用してアプリケーション設定を管理するTerraformモジュールです。
4
+
5
+ ## 概要
6
+
7
+ このモジュールは、DynamoDB Clientライブラリを使用するアプリケーションの設定情報をAWS Parameter Storeで管理します。
8
+
9
+ ## 特徴
10
+
11
+ - **Standard階層**: 標準スループット(1,000 TPS以下)では無料
12
+ - **SecureString**: すべてのパラメータをKMS暗号化で保存
13
+ - **AWS管理キー**: `alias/aws/ssm`を使用(月額料金なし)
14
+ - **階層構造**: `/{project_name}/{environment}/`で環境別に管理
15
+ - **IAMポリシー**: Admin UIとFetch Lambda用のアクセス権限を提供
16
+
17
+ ## 使用方法
18
+
19
+ ```hcl
20
+ module "parameter_store" {
21
+ source = "./modules/parameter-store"
22
+
23
+ # 基本設定
24
+ project_name = "my-project"
25
+ environment = "dev"
26
+ region = "us-east-1"
27
+
28
+ # Records Lambda設定(必須)
29
+ records_function_url = aws_lambda_function_url.records.function_url
30
+ records_function_arn = aws_lambda_function.records.arn
31
+ }
32
+ ```
33
+
34
+ **Note**: このモジュールは外部参照用のプレースホルダーパラメータも作成します。実際の値は他のTerraformモジュール(Cognito、DynamoDB等)から設定してください。
35
+
36
+ ### プレースホルダーパラメータの更新
37
+
38
+ 他のTerraformモジュールから値を設定する例:
39
+
40
+ ```hcl
41
+ # Cognitoモジュールから
42
+ resource "aws_ssm_parameter" "cognito_user_pool_id" {
43
+ name = "/${var.project_name}/${var.environment}/app/admin-ui/cognito-user-pool-id"
44
+ type = "SecureString"
45
+ value = aws_cognito_user_pool.main.id
46
+ overwrite = true
47
+ }
48
+
49
+ # DynamoDBモジュールから
50
+ resource "aws_ssm_parameter" "dynamodb_table_name" {
51
+ name = "/${var.project_name}/${var.environment}/infra/dynamodb-table-name"
52
+ type = "SecureString"
53
+ value = aws_dynamodb_table.main.name
54
+ overwrite = true
55
+ }
56
+ ```
57
+
58
+ ## パラメータ構造
59
+
60
+ ### アプリケーション設定 (`/app/`)
61
+
62
+ - `/{project_name}/{environment}/app/records-api-url`
63
+ - `/{project_name}/{environment}/app/admin-ui/cognito-user-pool-id`
64
+ - `/{project_name}/{environment}/app/admin-ui/cognito-client-id`
65
+ - `/{project_name}/{environment}/app/admin-ui/cognito-domain`
66
+
67
+ ### インフラ情報 (`/infra/`)
68
+
69
+ - `/{project_name}/{environment}/infra/dynamodb-table-name`
70
+
71
+ ### Lambda情報 (`/lambda/`)
72
+
73
+ - `/{project_name}/{environment}/lambda/records-function-arn`
74
+
75
+ ## IAMポリシー
76
+
77
+ ### Admin UI用ポリシー
78
+
79
+ Admin UIが必要とするパラメータへの読み取り権限:
80
+
81
+ ```json
82
+ {
83
+ "Effect": "Allow",
84
+ "Action": ["ssm:GetParameter", "ssm:GetParameters", "ssm:GetParametersByPath"],
85
+ "Resource": ["arn:aws:ssm:region:*:parameter/{project_name}/{environment}/app/*"]
86
+ }
87
+ ```
88
+
89
+ ### Fetch Lambda用ポリシー
90
+
91
+ Fetch Lambdaが必要とする特定パラメータへの読み取り権限:
92
+
93
+ ```json
94
+ {
95
+ "Effect": "Allow",
96
+ "Action": ["ssm:GetParameter", "ssm:GetParameters"],
97
+ "Resource": [
98
+ "arn:aws:ssm:region:*:parameter/{project_name}/{environment}/app/records-api-url",
99
+ "arn:aws:ssm:region:*:parameter/{project_name}/{environment}/lambda/records-function-arn"
100
+ ]
101
+ }
102
+ ```
103
+
104
+ ## 出力
105
+
106
+ - `parameter_arns`: 作成されたパラメータのARN一覧
107
+ - `parameter_names`: 作成されたパラメータの名前一覧
108
+ - `parameter_paths`: 作成されたパラメータのパス一覧
109
+ - `iam_policy_arns`: 作成されたIAMポリシーのARN一覧
110
+ - `iam_policy_names`: 作成されたIAMポリシーの名前一覧
111
+
112
+ ## コスト
113
+
114
+ - **Parameter Store Standard**: 標準スループット(1,000 TPS以下)では無料
115
+ - **AWS管理キー**: 無料(カスタマー管理キーと異なり月額料金なし)
116
+ - **実質的なコスト**: 通常の使用では完全に無料
117
+
118
+ ## セキュリティ
119
+
120
+ - すべてのパラメータがKMS暗号化(SecureString)
121
+ - IAMによる細かい権限管理
122
+ - CloudTrailで完全な操作追跡
123
+ - 最小権限の原則に基づくアクセス制御
124
+
125
+ ## 要件
126
+
127
+ - Terraform >= 1.0
128
+ - AWS Provider >= 4.0
129
+ - 適切なAWS認証情報の設定
@@ -0,0 +1,13 @@
1
+ # Parameter Store アクセス用IAMポリシー
2
+
3
+ # Note: 実際のプロジェクトでは、以下のようなIAMポリシーを
4
+ # 各リソース(Admin UI、Fetch Lambda等)で個別に定義してください:
5
+
6
+ # Admin UI用Parameter Store読み取りポリシー例:
7
+ # Resource: "arn:aws:ssm:region:*:parameter/{project_name}/{environment}/app/*"
8
+
9
+ # Fetch Lambda用Parameter Store読み取りポリシー例:
10
+ # Resource: [
11
+ # "arn:aws:ssm:region:*:parameter/{project_name}/{environment}/app/records-api-url",
12
+ # "arn:aws:ssm:region:*:parameter/{project_name}/{environment}/lambda/records-function-arn"
13
+ # ]
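Review bot: This file declares no IAM resource, only commented examples, yet the package README hunk in this diff says the Terraform module "automatically creates appropriate IAM policies" and the module README lists `iam_policy_arns` and `iam_policy_names` outputs. A consumer who relies on that text ends up with no policy at all, so either the wording or the module should change. The Admin UI example is also wider than the `/app/admin-ui/*` scope the README states: `.../app/*` includes `records-api-url`, and the account field of the ARN is a wildcard. I would write the example as `# Resource: "arn:aws:ssm:{region}:{account_id}:parameter/{project_name}/{environment}/app/admin-ui/*"` and pin the account in the Fetch Lambda example the same way.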
@@ -0,0 +1,108 @@
1
+ # Parameter Store モジュール
2
+ # AWS Parameter Store を使用してアプリケーション設定を管理
3
+
4
+ # Parameter Store設定の共通変数
5
+ locals {
6
+ parameter_tier = "Standard" # Standard階層を使用(実質無料)
7
+ parameter_type = "SecureString" # すべてSecureStringで統一
8
+ # AWS管理キー(alias/aws/ssm)を使用(カスタマー管理キーは禁止)
9
+ }
10
+
11
+ # Records Lambda Function URL (外部参照用)
12
+ resource "aws_ssm_parameter" "app_records_api_url" {
13
+ name = "/${var.project_name}/${var.environment}/app/records-api-url"
14
+ type = local.parameter_type
15
+ tier = local.parameter_tier
16
+ value = var.records_function_url
17
+
18
+ description = "Records Lambda Function URL"
19
+
20
+ tags = {
21
+ Environment = var.environment
22
+ ManagedBy = "terraform"
23
+ Category = "app-config"
24
+ }
25
+ }
26
+
27
+ # Records Lambda Function ARN (外部参照用)
28
+ resource "aws_ssm_parameter" "lambda_records_function_arn" {
29
+ name = "/${var.project_name}/${var.environment}/lambda/records-function-arn"
30
+ type = local.parameter_type
31
+ tier = local.parameter_tier
32
+ value = var.records_function_arn
33
+
34
+ description = "Records Lambda Function ARN"
35
+
36
+ tags = {
37
+ Environment = var.environment
38
+ ManagedBy = "terraform"
39
+ Category = "lambda-info"
40
+ }
41
+ }
42
+
43
+ # 外部参照用のパラメータ(実際の値を設定)
44
+ # アプリケーション(Admin UI、Fetch Lambda等)がこれらの値を参照する
45
+
46
+ # Cognito User Pool ID (Admin UI参照用)
47
+ resource "aws_ssm_parameter" "app_admin_ui_cognito_user_pool_id" {
48
+ name = "/${var.project_name}/${var.environment}/app/admin-ui/cognito-user-pool-id"
49
+ type = local.parameter_type
50
+ tier = local.parameter_tier
51
+ value = var.cognito_user_pool_id
52
+
53
+ description = "Cognito User Pool ID for Admin UI"
54
+
55
+ tags = {
56
+ Environment = var.environment
57
+ ManagedBy = "terraform"
58
+ Category = "app-config"
59
+ }
60
+ }
61
+
62
+ # Cognito Client ID (Admin UI参照用)
63
+ resource "aws_ssm_parameter" "app_admin_ui_cognito_client_id" {
64
+ name = "/${var.project_name}/${var.environment}/app/admin-ui/cognito-client-id"
65
+ type = local.parameter_type
66
+ tier = local.parameter_tier
67
+ value = var.cognito_admin_ui_client_id
68
+
69
+ description = "Cognito Client ID for Admin UI"
70
+
71
+ tags = {
72
+ Environment = var.environment
73
+ ManagedBy = "terraform"
74
+ Category = "app-config"
75
+ }
76
+ }
77
+
78
+ # Cognito Domain (Admin UI参照用)
79
+ resource "aws_ssm_parameter" "app_admin_ui_cognito_domain" {
80
+ name = "/${var.project_name}/${var.environment}/app/admin-ui/cognito-domain"
81
+ type = local.parameter_type
82
+ tier = local.parameter_tier
83
+ value = "${var.cognito_user_pool_domain}.auth.${var.region}.amazoncognito.com"
84
+
85
+ description = "Cognito Domain for Admin UI"
86
+
87
+ tags = {
88
+ Environment = var.environment
89
+ ManagedBy = "terraform"
90
+ Category = "app-config"
91
+ }
92
+ }
93
+
94
+ # DynamoDB Table Name (外部参照用)
95
+ resource "aws_ssm_parameter" "infra_dynamodb_table_name" {
96
+ name = "/${var.project_name}/${var.environment}/infra/dynamodb-table-name"
97
+ type = local.parameter_type
98
+ tier = local.parameter_tier
99
+ value = var.dynamodb_table_name
100
+
101
+ description = "DynamoDB Table Name"
102
+
103
+ tags = {
104
+ Environment = var.environment
105
+ ManagedBy = "terraform"
106
+ Category = "infra-info"
107
+ }
108
+ }
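Review bot: The `locals` comment says the AWS managed key is used, but none of the six resources sets or documents that; it only follows from `key_id` being omitted. With the default `alias/aws/ssm` key, decryption is, as far as I know, available to any principal in the account that is allowed to read the parameter through SSM, so confidentiality rests entirely on how narrowly each reader's IAM `Resource` is scoped, and this module does not create those policies. I would state that next to the local, e.g. `# key_id is left unset so alias/aws/ssm applies; read access is controlled only by the caller's IAM policy scope`. Separately, the `cognito-domain` value hard-codes the `.auth.${var.region}.amazoncognito.com` form, which presumably does not cover a user pool with a custom domain; a comment noting that limit would help.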
@@ -0,0 +1,43 @@
1
+ # Parameter Store モジュール出力
2
+
3
+ # Parameter Store ARNs
4
+ output "parameter_arns" {
5
+ description = "作成されたParameter StoreパラメータのARN一覧"
6
+ value = {
7
+ records_api_url = aws_ssm_parameter.app_records_api_url.arn
8
+ cognito_user_pool_id = aws_ssm_parameter.app_admin_ui_cognito_user_pool_id.arn
9
+ cognito_client_id = aws_ssm_parameter.app_admin_ui_cognito_client_id.arn
10
+ cognito_domain = aws_ssm_parameter.app_admin_ui_cognito_domain.arn
11
+ dynamodb_table_name = aws_ssm_parameter.infra_dynamodb_table_name.arn
12
+ records_function_arn = aws_ssm_parameter.lambda_records_function_arn.arn
13
+ }
14
+ }
15
+
16
+ # Parameter Store Names
17
+ output "parameter_names" {
18
+ description = "作成されたParameter Storeパラメータの名前一覧"
19
+ value = {
20
+ records_api_url = aws_ssm_parameter.app_records_api_url.name
21
+ cognito_user_pool_id = aws_ssm_parameter.app_admin_ui_cognito_user_pool_id.name
22
+ cognito_client_id = aws_ssm_parameter.app_admin_ui_cognito_client_id.name
23
+ cognito_domain = aws_ssm_parameter.app_admin_ui_cognito_domain.name
24
+ dynamodb_table_name = aws_ssm_parameter.infra_dynamodb_table_name.name
25
+ records_function_arn = aws_ssm_parameter.lambda_records_function_arn.name
26
+ }
27
+ }
28
+
29
+ # Parameter Store Paths (same as names)
30
+ output "parameter_paths" {
31
+ description = "作成されたParameter Storeパラメータのパス一覧"
32
+ value = {
33
+ records_api_url = aws_ssm_parameter.app_records_api_url.name
34
+ cognito_user_pool_id = aws_ssm_parameter.app_admin_ui_cognito_user_pool_id.name
35
+ cognito_client_id = aws_ssm_parameter.app_admin_ui_cognito_client_id.name
36
+ cognito_domain = aws_ssm_parameter.app_admin_ui_cognito_domain.name
37
+ dynamodb_table_name = aws_ssm_parameter.infra_dynamodb_table_name.name
38
+ records_function_arn = aws_ssm_parameter.lambda_records_function_arn.name
39
+ }
40
+ }
41
+
42
+ # Note: IAMポリシーは各プロジェクトで個別に定義してください
43
+ # 詳細は iam.tf のコメントを参照
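Review bot: `parameter_paths` is an exact copy of `parameter_names` (its own comment says "same as names"), so it gives a consumer that reads by path nothing it can pass as the path. If the output is meant to stay, the hierarchy prefixes would be more useful, e.g. `admin_ui = "/${var.project_name}/${var.environment}/app/admin-ui/"`; otherwise it can be dropped. The module README added in this diff also lists `iam_policy_arns` and `iam_policy_names`, which are not defined here. The closing comment says policies are left to each project, so that README list should be trimmed to match.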
@@ -0,0 +1,46 @@
1
+ # Parameter Store モジュール変数定義
2
+
3
+ variable "project_name" {
4
+ description = "プロジェクト名"
5
+ type = string
6
+ }
7
+
8
+ variable "environment" {
9
+ description = "環境識別子(dev, stg, prd)"
10
+ type = string
11
+ }
12
+
13
+ variable "region" {
14
+ description = "AWSリージョン"
15
+ type = string
16
+ }
17
+
18
+ variable "records_function_url" {
19
+ description = "Records Lambda Function URL"
20
+ type = string
21
+ }
22
+
23
+ variable "records_function_arn" {
24
+ description = "Records Lambda Function ARN"
25
+ type = string
26
+ }
27
+
28
+ variable "cognito_user_pool_id" {
29
+ description = "Cognito User Pool ID"
30
+ type = string
31
+ }
32
+
33
+ variable "cognito_admin_ui_client_id" {
34
+ description = "Admin UI用Cognito User Pool Client ID"
35
+ type = string
36
+ }
37
+
38
+ variable "cognito_user_pool_domain" {
39
+ description = "Cognito User Pool Domain"
40
+ type = string
41
+ }
42
+
43
+ variable "dynamodb_table_name" {
44
+ description = "DynamoDB Table Name"
45
+ type = string
46
+ }
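Review bot: `project_name` and `environment` are accepted as any string, although both are interpolated into every parameter name and, per the iam.tf examples, into the IAM `Resource` ARNs that are meant to separate environments. A value containing `/` or `*` would silently change the hierarchy that those policies scope on. Adding `validation` blocks to both variables rejects such values at plan time. The allowed environment list below is taken from the variable's description and should be adjusted if other names are in use.

```hcl
variable "project_name" {
  # … unchanged: description, type …

  validation {
    condition     = can(regex("^[A-Za-z0-9_.-]+$", var.project_name))
    error_message = "project_name may contain only letters, digits, '_', '.' and '-'."
  }
}

variable "environment" {
  # … unchanged: description, type …

  validation {
    condition     = contains(["dev", "stg", "prd"], var.environment)
    error_message = "environment must be one of: dev, stg, prd."
  }
}
```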
@@ -36,6 +36,16 @@ variable "cognito_client_id" {
36
36
  default = ""
37
37
  }
38
38
 
39
+ variable "cognito_user_pool_domain" {
40
+ description = "Cognito User Pool Domain"
41
+ type = string
42
+ }
43
+
44
+ variable "cognito_admin_ui_client_id" {
45
+ description = "Admin UI用Cognito User Pool Client ID"
46
+ type = string
47
+ }
48
+
39
49
  variable "log_retention_days" {
40
50
  description = "CloudWatch Logsの保持期間(日数)"
41
51
  type = number
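Review bot: Both new variables are declared without a `default`, unlike the neighbouring variable in the context lines that ends with `default = ""`, so a caller upgrading from 0.5.0 fails at plan until both are supplied. If that is intended, it should be called out as a breaking change in the release notes. The relationship between `cognito_admin_ui_client_id` and the existing `cognito_client_id` is also unclear from the names and descriptions. A description stating which app client each one identifies would help prevent the wrong client ID being published under the Admin UI parameter path.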