npm - @exabugs/dynamodb-client - Versions diffs - 0.7.4 → 0.7.5 - Mend

@exabugs/dynamodb-client 0.7.4 → 0.7.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -7,6 +7,17 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [0.7.5] - 2025-12-28
+### Removed
+- **All KMS Settings Verification**: Removed all KMS-related settings to verify if they were actually necessary
+  - Removed `aws_iam_role_policy.records_kms_default` IAM policy resource (Lambda execution environment)
+  - Removed `aws_iam_role_policy.records_kms` IAM policy resource (Parameter Store access)
+  - Removed `kms_key_arn = ""` setting from Lambda function
+  - Current Lambda function uses only environment variables, not Parameter Store SecureString
+  - This is part of ADR-005 verification to determine the true cause of Lambda Function URL issues
 ## [0.7.4] - 2025-12-28
 ### Fixed

package/dist/server/handler.cjs CHANGED Viewed

@@ -1,5 +1,5 @@
-// @exabugs/dynamodb-client v0.7.4
-// Built: 2025-12-28T10:39:29.906Z
+// @exabugs/dynamodb-client v0.7.5
+// Built: 2025-12-28T11:12:48.213Z
 "use strict";
 var __create = Object.create;
 var __defProp = Object.defineProperty;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@exabugs/dynamodb-client",
-  "version": "0.7.4",
+  "version": "0.7.5",
   "description": "DynamoDB Single-Table Client SDK with MongoDB-like API, Shadow Records, and Lambda implementation for serverless applications",
   "author": "exabugs",
   "license": "MIT",

package/terraform/main.tf CHANGED Viewed

@@ -65,55 +65,10 @@ resource "aws_iam_role_policy" "records_dynamodb" {
   })
 }
-# カスタムインラインポリシー: KMSアクセス（Parameter Store用）
-# Lambda関数がSecureString環境変数を復号化するために必要
-resource "aws_iam_role_policy" "records_kms" {
-  name = "kms-access"
-  role = aws_iam_role.lambda_records.id
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = [
-          "kms:Decrypt"
-        ]
-        Resource = "*"
-        Condition = {
-          StringEquals = {
-            "kms:ViaService" = "ssm.${var.region}.amazonaws.com"
-          }
-        }
-      }
-    ]
-  })
-}
+# Parameter Store用KMSアクセスポリシーを削除（ADR-005による検証）
+# 現在のLambda関数は環境変数のみを使用し、Parameter StoreのSecureStringは使用していない
-# カスタムインラインポリシー: KMSデフォルトキーアクセス（Lambda実行環境用）
-# AWS LambdaのデフォルトKMSキーへのアクセス権限（ADR-003）
-resource "aws_iam_role_policy" "records_kms_default" {
-  name = "kms-default-access"
-  role = aws_iam_role.lambda_records.id
-  policy = jsonencode({
-    Version = "2012-10-17"
-    Statement = [
-      {
-        Effect = "Allow"
-        Action = [
-          "kms:Decrypt"
-        ]
-        Resource = "*"
-        Condition = {
-          StringEquals = {
-            "kms:ViaService" = "lambda.${var.region}.amazonaws.com"
-          }
-        }
-      }
-    ]
-  })
-}
+# KMSデフォルトキーアクセスポリシーを削除（ADR-005による検証）
 # CloudWatch Logsロググループ
 resource "aws_cloudwatch_log_group" "lambda_records" {
@@ -151,9 +106,8 @@ resource "aws_lambda_function" "records" {
   timeout     = 30
   memory_size = 512
-  # KMS暗号化を明示的に無効化（ADR-004）
-  # AWS管理のデフォルトKMSキーアクセス権限の問題を回避
-  kms_key_arn = ""
+  # KMS暗号化設定を削除（ADR-005による検証）
+  # kms_key_arn = ""
   # 環境変数
   environment {
@@ -181,9 +135,8 @@ resource "aws_lambda_function" "records" {
   # CloudWatch Logsへの依存関係を明示
   depends_on = [
     aws_cloudwatch_log_group.lambda_records,
-    aws_iam_role_policy.records_dynamodb,
-    aws_iam_role_policy.records_kms,
-    aws_iam_role_policy.records_kms_default
+    aws_iam_role_policy.records_dynamodb
+    # aws_iam_role_policy.records_kms  # ADR-005による検証のため削除（Parameter Store未使用）
   ]
   tags = {