@exabugs/dynamodb-client 0.7.3 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -7,6 +7,35 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [0.7.5] - 2025-12-28
11
+
12
+ ### Removed
13
+
14
+ - **All KMS Settings Verification**: Removed all KMS-related settings to verify if they were actually necessary
15
+ - Removed `aws_iam_role_policy.records_kms_default` IAM policy resource (Lambda execution environment)
16
+ - Removed `aws_iam_role_policy.records_kms` IAM policy resource (Parameter Store access)
17
+ - Removed `kms_key_arn = ""` setting from Lambda function
18
+ - Current Lambda function uses only environment variables, not Parameter Store SecureString
19
+ - This is part of ADR-005 verification to determine the true cause of Lambda Function URL issues
20
+
21
+ ## [0.7.4] - 2025-12-28
22
+
23
+ ### Fixed
24
+
25
+ - **Lambda KMS Encryption**: Disabled KMS encryption for Lambda function to resolve persistent KMSAccessDeniedException (ADR-004)
26
+ - **Lambda Startup**: Fixed Lambda function startup failure by explicitly setting `kms_key_arn = ""`
27
+ - **502 Bad Gateway**: Resolved Function URL errors caused by Lambda execution environment KMS issues
28
+
29
+ ### Changed
30
+
31
+ - **Security Model**: Moved from KMS-encrypted Lambda environment to unencrypted for compatibility
32
+ - **ADR-003 Deprecated**: Replaced complex KMS permission approach with simpler encryption disable approach
33
+
34
+ ### Technical
35
+
36
+ - **Terraform**: Added `kms_key_arn = ""` to Lambda function configuration
37
+ - **Architecture Decision**: Created ADR-004 to document KMS encryption disable decision
38
+
10
39
  ## [0.7.3] - 2025-12-28
11
40
 
12
41
  ### Fixed
@@ -1,5 +1,5 @@
1
- // @exabugs/dynamodb-client v0.7.3
2
- // Built: 2025-12-28T10:27:40.943Z
1
+ // @exabugs/dynamodb-client v0.7.5
2
+ // Built: 2025-12-28T11:12:48.213Z
3
3
  "use strict";
4
4
  var __create = Object.create;
5
5
  var __defProp = Object.defineProperty;
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@exabugs/dynamodb-client",
3
- "version": "0.7.3",
3
+ "version": "0.7.5",
4
4
  "description": "DynamoDB Single-Table Client SDK with MongoDB-like API, Shadow Records, and Lambda implementation for serverless applications",
5
5
  "author": "exabugs",
6
6
  "license": "MIT",
package/terraform/main.tf CHANGED
@@ -65,55 +65,10 @@ resource "aws_iam_role_policy" "records_dynamodb" {
65
65
  })
66
66
  }
67
67
 
68
- # カスタムインラインポリシー: KMSアクセス(Parameter Store用)
69
- # Lambda関数がSecureString環境変数を復号化するために必要
70
- resource "aws_iam_role_policy" "records_kms" {
71
- name = "kms-access"
72
- role = aws_iam_role.lambda_records.id
68
+ # Parameter Store用KMSアクセスポリシーを削除(ADR-005による検証)
69
+ # 現在のLambda関数は環境変数のみを使用し、Parameter StoreのSecureStringは使用していない
73
70
 
74
- policy = jsonencode({
75
- Version = "2012-10-17"
76
- Statement = [
77
- {
78
- Effect = "Allow"
79
- Action = [
80
- "kms:Decrypt"
81
- ]
82
- Resource = "*"
83
- Condition = {
84
- StringEquals = {
85
- "kms:ViaService" = "ssm.${var.region}.amazonaws.com"
86
- }
87
- }
88
- }
89
- ]
90
- })
91
- }
92
-
93
- # カスタムインラインポリシー: KMSデフォルトキーアクセス(Lambda実行環境用)
94
- # AWS LambdaのデフォルトKMSキーへのアクセス権限(ADR-003)
95
- resource "aws_iam_role_policy" "records_kms_default" {
96
- name = "kms-default-access"
97
- role = aws_iam_role.lambda_records.id
98
-
99
- policy = jsonencode({
100
- Version = "2012-10-17"
101
- Statement = [
102
- {
103
- Effect = "Allow"
104
- Action = [
105
- "kms:Decrypt"
106
- ]
107
- Resource = "*"
108
- Condition = {
109
- StringEquals = {
110
- "kms:ViaService" = "lambda.${var.region}.amazonaws.com"
111
- }
112
- }
113
- }
114
- ]
115
- })
116
- }
71
+ # KMSデフォルトキーアクセスポリシーを削除(ADR-005による検証)
117
72
 
118
73
  # CloudWatch Logsロググループ
119
74
  resource "aws_cloudwatch_log_group" "lambda_records" {
@@ -151,6 +106,9 @@ resource "aws_lambda_function" "records" {
151
106
  timeout = 30
152
107
  memory_size = 512
153
108
 
109
+ # KMS暗号化設定を削除(ADR-005による検証)
110
+ # kms_key_arn = ""
111
+
154
112
  # 環境変数
155
113
  environment {
156
114
  variables = {
@@ -177,9 +135,8 @@ resource "aws_lambda_function" "records" {
177
135
  # CloudWatch Logsへの依存関係を明示
178
136
  depends_on = [
179
137
  aws_cloudwatch_log_group.lambda_records,
180
- aws_iam_role_policy.records_dynamodb,
181
- aws_iam_role_policy.records_kms,
182
- aws_iam_role_policy.records_kms_default
138
+ aws_iam_role_policy.records_dynamodb
139
+ # aws_iam_role_policy.records_kms # ADR-005による検証のため削除(Parameter Store未使用)
183
140
  ]
184
141
 
185
142
  tags = {