@jaypie/constructs 1.2.53 → 1.2.54
- package/dist/cjs/index.cjs +66 -45
- package/dist/cjs/index.cjs.map +1 -1
- package/dist/esm/index.js +21 -0
- package/dist/esm/index.js.map +1 -1
- package/package.json +1 -1
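--- a/package/dist/esm/index.js
+++ b/package/dist/esm/index.js
@@ -10,6 +10,7 @@ import * as route53Targets from 'aws-cdk-lib/aws-route53-targets';
 import * as secretsmanager from 'aws-cdk-lib/aws-secretsmanager';
 import { DatadogLambda } from 'datadog-cdk-constructs-v2';
 import { ConfigurationError } from '@jaypie/errors';
+import * as iam from 'aws-cdk-lib/aws-iam';
 import { Role, PolicyStatement, Policy, FederatedPrincipal, Effect, ServicePrincipal, ManagedPolicy } from 'aws-cdk-lib/aws-iam';
 import * as acm from 'aws-cdk-lib/aws-certificatemanager';
 import * as logs from 'aws-cdk-lib/aws-logs';
@@ -3524,6 +3525,14 @@ class JaypieInfrastructureStack extends JaypieStack {
 }
 }
 
+const DYNAMODB_CONTROL_PLANE_ACTIONS = [
+"dynamodb:DescribeContinuousBackups",
+"dynamodb:DescribeTable",
+"dynamodb:DescribeTimeToLive",
+"dynamodb:UpdateContinuousBackups",
+"dynamodb:UpdateTable",
+"dynamodb:UpdateTimeToLive",
+];
 class JaypieMigration extends Construct {
 constructor(scope, id, props) {
 super(scope, id);
@@ -3539,6 +3548,18 @@ class JaypieMigration extends Construct {
 tables,
 timeout: cdk.Duration.minutes(5),
 });
+// Grant control-plane perms on the passed tables so migrations that
+// alter table shape (GSIs, TTL, streams, backups) succeed. JaypieLambda
+// only grants data-plane access via grantReadWriteData. Issue #339.
+if (tables.length > 0) {
+this.lambda.addToRolePolicy(new iam.PolicyStatement({
+actions: DYNAMODB_CONTROL_PLANE_ACTIONS,
+resources: tables.flatMap((table) => [
+table.tableArn,
+`${table.tableArn}/index/*`,
+]),
+}));
+}
 // Custom Resource provider wrapping the Lambda
 const provider = new cr.Provider(this, "MigrationProvider", {
 onEventHandler: this.lambda,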
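Review bot: The new `addToRolePolicy` call in the JaypieMigration constructor grants `dynamodb:UpdateTable` and `dynamodb:UpdateContinuousBackups` on every passed table whenever `tables.length > 0`, and nothing visible in the hunk lets a consumer opt out. `UpdateTable` also covers settings such as deletion protection and encryption, and `UpdateContinuousBackups` can switch point-in-time recovery off, so a migration that only touches data now runs with more table-level privilege than before the upgrade. I would gate the grant on an explicit prop (name here is a proposal, not an existing option), e.g. `if (tables.length > 0 && props.controlPlaneAccess !== false) {`, and state in the comment that the role can change backup and protection settings so operators know to watch the matching CloudTrail events. The `${table.tableArn}/index/*` resources look unnecessary for these table-level actions and could probably be dropped; that should be confirmed against the DynamoDB authorization reference. The constructor starts and ends outside the hunk, so where `tables` gets its default is not visible here.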