Reputation: 105
How can I get my dynamodb lambda function to check the user's identity?
I've set up a dynamodb lambda trigger using this documentation. The function successfully triggers when the dynamodb table is updated, and I can view the output just fine.
I want to find the identity of the user that updated the dynamodb table but this info doesn't seem to be included in the event. How can I accomplish this?
The event looks like this:
{
"Records": [
{
"eventID": "1725dad5b286b22b02cffc28e5006437",
"eventName": "INSERT",
"eventVersion": "1.1",
"eventSource": "aws:dynamodb",
"awsRegion": "us-west-2",
"dynamodb": {
"ApproximateCreationDateTime": 1607759729,
"Keys": {
"receiver": {
"S": "c2217b13-12e8-42a4-a1ab-627f764493c9"
},
"sender": {
"S": "6fad5bc8-a389-4d73-b171-e709d5d8bdd8"
}
},
"NewImage": {
"createdAt": {
"S": "2020-12-12T07:55:29.105Z"
},
"receiver": {
"S": "c2217b13-12e8-42a4-a1ab-627f764493c9"
},
"sender": {
"S": "6fad5bc8-a389-4d73-b171-e709d5d8bdd8"
},
"__typename": {
"S": "FriendRequest"
},
"updatedAt": {
"S": "2020-12-12T07:55:29.105Z"
}
},
"SequenceNumber": "4092400000000003379896405",
"SizeBytes": 261,
"StreamViewType": "NEW_AND_OLD_IMAGES"
},
"eventSourceARN": "arn:aws:dynamodb:us-west-2:213277979580:table/FriendRequest-rmzuppsajfhzlfgjehczargowa-apisecure/stream/2020-12-11T07:48:02.462"
}
]
}
Upvotes: 1
Views: 1034
Answers (2)
Reputation: 2358
We have a similar scenario in which we would like to track who (user) or what (service) made the last update to a record. first our arch looks like:
User/Service changes -> API Lambda -> DynamoDB Stream -> Lambda (normalizes stream data) -> Service Event SNS Topic
All services or functions that care about changes are attached to the SNS topic NOT the stream.
This works fine with insert/update, we have a internal use field in which we keep this data, it is not returned via the CRUD API's. something like: updated_by: app:service:region:user/1
When we get the record we know that this item was updated by user with id 1. so when we create the sns topic, we add a message attribute with this value.
Deletion is a bit more tricky since you can't really update and delete an item at the exact same time. how we do this currently is to generate a delete event manually on deletion so instead of relying on the stream, we async the lambda function and pass along the user/service data.
User/Service changes -> API Lambda -> Lambda (normalizes stream data) -> Service Event SNS Topic
Upvotes: 0
Reputation: 21510
DynamoDB does not provide the ID of the user that did write the record. The only way you can achieve this is to have the user id be part of the DynamoDB item in the first place. But that means your application needs to identify the user and write that attribute.
But this obviously will not work, if the item is inserted using the AWS Console. In that case your user would need to insert his own ID (or the ID of another user) by hand.
Upvotes: 0
Related Questions
- How to fetch Amazon Cognito Identity ID (user_identity_id) for the user from the lambda function?
- Getting error when executing a lambda function - Parameter \"userId\" has value with no field set
- Generating a unique key for dynamodb within a lambda function
- Nodejs , AWS Dynamodb how to check if user already exists before creating new record
- Lambda function returning 401 error when trying to query dynamodb
- User is not authorized to perform: dynamodb:Query on resource error when accessing db from local lambda function
- AWS Lambda Function Does Not Show Access to DynamoDb
- Authenticate the caller to a lambda function
- DynamoDB triggering a Lambda function in another Account
- Writing Cognito user info to DynamoDB through a post-confirmation lambda function?