Silver Quettier

Reputation: 2050

What KeyConditionExpression on DynamoDb for "Query all items" when using LeadingKeys condition in IAM policy?

I'm writing an integration request in API Gateway, which should query a DynamoDb table. I'm using a specific role to access the database, leveraging the fine-grained access control mechanism, and I have no idea which KeyConditionExpression to use.

I would like to "query for all items", and let DynamoDb take care of which ones to return based on the LeadingKeys of my IAM policy.

So far I tried a simple:

    {"ProjectionExpression": "sortKey", "ConsistentRead": false, "TableName": "testTable"}

But this predictably fails with:

    {
      "__type": "com.amazon.coral.validate#ValidationException",
      "message": "Either the KeyConditions or KeyConditionExpression parameter must be specified in the request."
    }

What should I do?

Upvotes: 2

Views: 3183

Answers (1)

Silver Quettier

Reputation: 2050

I found it on my own. You simply can't send a Query without specifying a partition key, but you can define a dynamic partition key.

You can use API Gateway context variables to pass a KeyProjectionExpression that will match your policy's LeadingKeys. In my case, it was Cognito Identity:

    {
      "KeyConditionExpression": "pk=:pk",
      "ExpressionAttributeValues": {":pk": {"S": "$context.identity.cognitoIdentityId"}}
    }

A more complete list of API Gateway variables is available here.

Upvotes: 2
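
An added example, not part of the original answer: a simplified local model (not AWS's policy evaluation) that checks whether a Query request body pins the partition key to the caller's identity, which is what a LeadingKeys condition expects. The policy statement, its `${cognito-identity.amazonaws.com:sub}` variable, the identity IDs and the function names are assumptions; `testTable`, `sortKey` and `pk` come from the posts above.

```python
import re

SUB_VAR = "${cognito-identity.amazonaws.com:sub}"
# Constructed policy statement (assumption); REGION and ACCOUNT_ID are placeholders.
POLICY_STATEMENT = {
    "Effect": "Allow",
    "Action": ["dynamodb:Query"],
    "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/testTable",
    "Condition": {"ForAllValues:StringEquals": {"dynamodb:LeadingKeys": [SUB_VAR]}},
}
# Constructed identity IDs, for illustration only.
ALICE = "us-east-1:11111111-1111-1111-1111-111111111111"
BOB = "us-east-1:22222222-2222-2222-2222-222222222222"

# Request body from the question: no key condition at all.
QUESTION_REQUEST = {"ProjectionExpression": "sortKey", "ConsistentRead": False,
                    "TableName": "testTable"}

def build_query(identity_id):
    """Answer's request body once $context.identity.cognitoIdentityId is substituted."""
    return {"TableName": "testTable", "ProjectionExpression": "sortKey",
            "KeyConditionExpression": "pk=:pk",
            "ExpressionAttributeValues": {":pk": {"S": identity_id}}}

def partition_key_value(request, pk_name="pk"):
    """Return the string value the request pins the partition key to, or None."""
    expr = request.get("KeyConditionExpression")
    if not expr:
        return None  # the case DynamoDB rejects with ValidationException
    # Only the plain "<pk> = :placeholder" form is handled here.
    match = re.search(r"\b%s\s*=\s*(:\w+)" % re.escape(pk_name), expr)
    if not match:
        return None
    values = request.get("ExpressionAttributeValues", {})
    return values.get(match.group(1), {}).get("S")

def check_query(request, caller_identity_id, statement=POLICY_STATEMENT):
    """Simplified model: compare the request's partition key with LeadingKeys."""
    pk = partition_key_value(request)
    if pk is None:
        return "invalid"
    condition = statement["Condition"]["ForAllValues:StringEquals"]
    allowed = [v.replace(SUB_VAR, caller_identity_id)
               for v in condition["dynamodb:LeadingKeys"]]
    return "allow" if pk in allowed else "deny"

if __name__ == "__main__":
    print(check_query(QUESTION_REQUEST, ALICE))
    print(check_query(build_query(ALICE), ALICE))
    print(check_query(build_query(BOB), ALICE))
```

Running a check like this over a mapping template before deployment catches requests that omit the key condition or hard-code a partition key other than the caller's own.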
