@exabugs/dynamodb-client 0.6.1 → 0.7.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +27 -0
- package/dist/server/handler.cjs +2 -2
- package/package.json +1 -1
- package/terraform/main.tf +28 -2
package/CHANGELOG.md
CHANGED
|
@@ -7,9 +7,32 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [0.7.0] - 2024-12-28
|
|
11
|
+
|
|
12
|
+
### Added
|
|
13
|
+
|
|
14
|
+
- **Terraform**: KMS access policy for Parameter Store integration
|
|
15
|
+
- Lambda functions can now decrypt SecureString environment variables
|
|
16
|
+
- Added `kms:Decrypt` permission with SSM service condition
|
|
17
|
+
- Enables secure configuration management through Parameter Store
|
|
18
|
+
|
|
19
|
+
### Changed
|
|
20
|
+
|
|
21
|
+
- **CORS**: Expanded CORS configuration for comprehensive API support
|
|
22
|
+
- Added support for GET, PUT, DELETE, and OPTIONS methods
|
|
23
|
+
- Previously only supported POST method
|
|
24
|
+
- Enables full REST API functionality for react-admin integration
|
|
25
|
+
|
|
26
|
+
### Improved
|
|
27
|
+
|
|
28
|
+
- **Infrastructure**: Enhanced Lambda function permissions and dependencies
|
|
29
|
+
- Added proper dependency management for KMS policy
|
|
30
|
+
- Improved security with least-privilege access patterns
|
|
31
|
+
|
|
10
32
|
## [0.5.0] - 2024-12-23
|
|
11
33
|
|
|
12
34
|
### Added
|
|
35
|
+
|
|
13
36
|
- 包括的なAPIリファレンスドキュメント (`docs/API.md`)
|
|
14
37
|
- 3つの認証方式(IAM、Cognito、Token)の詳細な説明
|
|
15
38
|
- すべてのクライアントAPIメソッドの完全な仕様
|
|
@@ -27,6 +50,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
27
50
|
- 開発者・利用者向けのセキュリティベストプラクティス
|
|
28
51
|
|
|
29
52
|
### Changed
|
|
53
|
+
|
|
30
54
|
- アーキテクチャリファクタリングによるコード構造の改善
|
|
31
55
|
- 共通モジュールの抽出 (`src/shared/` ディレクトリ構造)
|
|
32
56
|
- 大きな関数の分割(handler.ts ~520行 → 複数モジュール)
|
|
@@ -35,6 +59,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
35
59
|
- 依存関係管理と循環依存の解決
|
|
36
60
|
|
|
37
61
|
### Improved
|
|
62
|
+
|
|
38
63
|
- コードの可読性と保守性の向上
|
|
39
64
|
- 単一責任原則に基づく関数分割(50行制限)
|
|
40
65
|
- 3回以上繰り返されるコードの共通関数化
|
|
@@ -248,6 +273,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
248
273
|
### Migration Guide
|
|
249
274
|
|
|
250
275
|
**Before (v0.1.x):**
|
|
276
|
+
|
|
251
277
|
```typescript
|
|
252
278
|
const client = new DynamoClient(apiUrl);
|
|
253
279
|
await client.connect();
|
|
@@ -262,6 +288,7 @@ const dataProvider = createDataProvider({
|
|
|
262
288
|
```
|
|
263
289
|
|
|
264
290
|
**After (v0.2.0):**
|
|
291
|
+
|
|
265
292
|
```typescript
|
|
266
293
|
const client = new DynamoClient(apiUrl);
|
|
267
294
|
await client.connect();
|
package/dist/server/handler.cjs
CHANGED
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@exabugs/dynamodb-client",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.7.0",
|
|
4
4
|
"description": "DynamoDB Single-Table Client SDK with MongoDB-like API, Shadow Records, and Lambda implementation for serverless applications",
|
|
5
5
|
"author": "exabugs",
|
|
6
6
|
"license": "MIT",
|
package/terraform/main.tf
CHANGED
|
@@ -65,6 +65,31 @@ resource "aws_iam_role_policy" "records_dynamodb" {
|
|
|
65
65
|
})
|
|
66
66
|
}
|
|
67
67
|
|
|
68
|
+
# カスタムインラインポリシー: KMSアクセス(Parameter Store用)
|
|
69
|
+
# Lambda関数がSecureString環境変数を復号化するために必要
|
|
70
|
+
resource "aws_iam_role_policy" "records_kms" {
|
|
71
|
+
name = "kms-access"
|
|
72
|
+
role = aws_iam_role.lambda_records.id
|
|
73
|
+
|
|
74
|
+
policy = jsonencode({
|
|
75
|
+
Version = "2012-10-17"
|
|
76
|
+
Statement = [
|
|
77
|
+
{
|
|
78
|
+
Effect = "Allow"
|
|
79
|
+
Action = [
|
|
80
|
+
"kms:Decrypt"
|
|
81
|
+
]
|
|
82
|
+
Resource = "*"
|
|
83
|
+
Condition = {
|
|
84
|
+
StringEquals = {
|
|
85
|
+
"kms:ViaService" = "ssm.${var.region}.amazonaws.com"
|
|
86
|
+
}
|
|
87
|
+
}
|
|
88
|
+
}
|
|
89
|
+
]
|
|
90
|
+
})
|
|
91
|
+
}
|
|
92
|
+
|
|
68
93
|
# CloudWatch Logsロググループ
|
|
69
94
|
resource "aws_cloudwatch_log_group" "lambda_records" {
|
|
70
95
|
name = "/aws/lambda/${var.project_name}-${var.environment}-records"
|
|
@@ -127,7 +152,8 @@ resource "aws_lambda_function" "records" {
|
|
|
127
152
|
# CloudWatch Logsへの依存関係を明示
|
|
128
153
|
depends_on = [
|
|
129
154
|
aws_cloudwatch_log_group.lambda_records,
|
|
130
|
-
aws_iam_role_policy.records_dynamodb
|
|
155
|
+
aws_iam_role_policy.records_dynamodb,
|
|
156
|
+
aws_iam_role_policy.records_kms
|
|
131
157
|
]
|
|
132
158
|
|
|
133
159
|
tags = {
|
|
@@ -143,7 +169,7 @@ resource "aws_lambda_function_url" "records" {
|
|
|
143
169
|
# CORS設定
|
|
144
170
|
cors {
|
|
145
171
|
allow_origins = ["*"]
|
|
146
|
-
allow_methods = ["POST"]
|
|
172
|
+
allow_methods = ["GET", "POST", "PUT", "DELETE", "OPTIONS"]
|
|
147
173
|
allow_headers = ["content-type", "authorization", "x-amz-date", "x-api-key", "x-amz-security-token"]
|
|
148
174
|
expose_headers = ["content-type", "x-amzn-requestid"]
|
|
149
175
|
allow_credentials = false
|