@exabugs/dynamodb-client 0.6.1 → 0.7.1
- package/CHANGELOG.md +36 -0
- package/dist/server/handler.cjs +2 -2
- package/package.json +1 -1
- package/terraform/main.tf +28 -2
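--- a/package/CHANGELOG.md
+++ b/package/CHANGELOG.md
@@ -7,9 +7,41 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.7.1] - 2024-12-28
+
+### Fixed
+
+- **CORS**: Removed OPTIONS method from allowMethods to comply with AWS Lambda Function URL constraints
+- AWS Lambda Function URL has a 6-character limit per method name
+- OPTIONS (7 characters) exceeded this limit causing ValidationException
+- Preflight OPTIONS requests are handled automatically by Lambda Function URL
+
+## [0.7.0] - 2024-12-28
+
+### Added
+
+- **Terraform**: KMS access policy for Parameter Store integration
+- Lambda functions can now decrypt SecureString environment variables
+- Added `kms:Decrypt` permission with SSM service condition
+- Enables secure configuration management through Parameter Store
+
+### Changed
+
+- **CORS**: Expanded CORS configuration for comprehensive API support
+- Added support for GET, PUT, DELETE, and OPTIONS methods
+- Previously only supported POST method
+- Enables full REST API functionality for react-admin integration
+
+### Improved
+
+- **Infrastructure**: Enhanced Lambda function permissions and dependencies
+- Added proper dependency management for KMS policy
+- Improved security with least-privilege access patterns
+
 ## [0.5.0] - 2024-12-23
 
 ### Added
+
 - 包括的なAPIリファレンスドキュメント (`docs/API.md`)
 - 3つの認証方式(IAM、Cognito、Token)の詳細な説明
 - すべてのクライアントAPIメソッドの完全な仕様
@@ -27,6 +59,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - 開発者・利用者向けのセキュリティベストプラクティス
 
 ### Changed
+
 - アーキテクチャリファクタリングによるコード構造の改善
 - 共通モジュールの抽出 (`src/shared/` ディレクトリ構造)
 - 大きな関数の分割(handler.ts ~520行 → 複数モジュール)
@@ -35,6 +68,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - 依存関係管理と循環依存の解決
 
 ### Improved
+
 - コードの可読性と保守性の向上
 - 単一責任原則に基づく関数分割(50行制限)
 - 3回以上繰り返されるコードの共通関数化
@@ -248,6 +282,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Migration Guide
 
 **Before (v0.1.x):**
+
 ```typescript
 const client = new DynamoClient(apiUrl);
 await client.connect();
@@ -262,6 +297,7 @@ const dataProvider = createDataProvider({
 ```
 
 **After (v0.2.0):**
+
 ```typescript
 const client = new DynamoClient(apiUrl);
 await client.connect();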
package/dist/server/handler.cjs
CHANGED
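--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@exabugs/dynamodb-client",
-"version": "0.
+"version": "0.7.1",
 "description": "DynamoDB Single-Table Client SDK with MongoDB-like API, Shadow Records, and Lambda implementation for serverless applications",
 "author": "exabugs",
 "license": "MIT",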
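--- a/package/terraform/main.tf
+++ b/package/terraform/main.tf
@@ -65,6 +65,31 @@ resource "aws_iam_role_policy" "records_dynamodb" {
 })
 }
 
+# カスタムインラインポリシー: KMSアクセス(Parameter Store用)
+# Lambda関数がSecureString環境変数を復号化するために必要
+resource "aws_iam_role_policy" "records_kms" {
+name = "kms-access"
+role = aws_iam_role.lambda_records.id
+
+policy = jsonencode({
+Version = "2012-10-17"
+Statement = [
+{
+Effect = "Allow"
+Action = [
+"kms:Decrypt"
+]
+Resource = "*"
+Condition = {
+StringEquals = {
+"kms:ViaService" = "ssm.${var.region}.amazonaws.com"
+}
+}
+}
+]
+})
+}
+
 # CloudWatch Logsロググループ
 resource "aws_cloudwatch_log_group" "lambda_records" {
 name = "/aws/lambda/${var.project_name}-${var.environment}-records"
@@ -127,7 +152,8 @@ resource "aws_lambda_function" "records" {
 # CloudWatch Logsへの依存関係を明示
 depends_on = [
 aws_cloudwatch_log_group.lambda_records,
-aws_iam_role_policy.records_dynamodb
+aws_iam_role_policy.records_dynamodb,
+aws_iam_role_policy.records_kms
 ]
 
 tags = {
@@ -143,7 +169,7 @@ resource "aws_lambda_function_url" "records" {
 # CORS設定
 cors {
 allow_origins = ["*"]
-allow_methods = ["POST"]
+allow_methods = ["GET", "POST", "PUT", "DELETE"]
 allow_headers = ["content-type", "authorization", "x-amz-date", "x-api-key", "x-amz-security-token"]
 expose_headers = ["content-type", "x-amzn-requestid"]
 allow_credentials = false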
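Review bot: `Resource = "*"` in the new `records_kms` statement (first hunk) lets the Lambda role use `kms:Decrypt` on any key whose key policy defers to IAM, with `kms:ViaService` for SSM as the only limit, which is wider than the least-privilege wording in the changelog. Point the statement at the key that encrypts the parameters instead, for example `Resource = var.parameter_kms_key_arn` (placeholder name; no such variable is visible in this diff), and keep the condition. A comment above the statement such as `# Decrypt only through SSM Parameter Store, and only with the parameter key` would record the intent. In the last hunk `allow_methods` now includes PUT and DELETE while `allow_origins` stays `["*"]`; the Function URL's authorization type is outside the visible lines, so confirm that browser calls from any origin to the write methods are intended.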