How to implement aws_iam authorization with postgresql

samgj18 · August 10, 2020, 4:52am

The way the tutorial uses the authorization is like this since they’re using DynamoDB:

export const main = handler(async (event, context) => {
  const data = JSON.parse(event.body);
  const params = {
TableName: process.env.tableName,
// 'Item' contains the attributes of the item to be created
// - 'userId': user identities are federated through the
//             Cognito Identity Pool, we will use the identity id
//             as the user id of the authenticated user
// - 'noteId': a unique uuid
// - 'content': parsed from request body
// - 'attachment': parsed from request body
// - 'createdAt': current Unix timestamp
Item: {
  userId: event.requestContext.identity.cognitoIdentityId,
  noteId: uuid.v1(),
  content: data.content,
  attachment: data.attachment,
  createdAt: Date.now()
}
  };

  await dynamoDb.put(params);

  return params.Item;
});

So the parameters are passed to the dynamoDb instance and it take cares of the authorization but how can I do the same using a postgres database? Currently my code looks like this:

export const getOne = handler(async (event, context) => {
  context.callbackWaitsForEmptyEventLoop = false;

  try {
    const { User } = await connectToDatabase();
    const user = await User.findOne({
      where: { enterprise_email: event.queryStringParameters.email },
    });
    if (!user)
      throw new Error(`User with id: ${event.queryStringParameters.email} was not found`);
    return user;
  } catch (err) {
    throw ('Could not fetch the user.', err);
  }
});

jayair · August 23, 2020, 11:50pm

Hmm there might be some confusion here, that code doesn’t do any authorization for DynamoDB. It is done through the serverless.yml. This shows which tables our Lambda functions have access to:

github.com

AnomalyInnovations/serverless-stack-demo-api/blob/master/serverless.yml#L31


runtime: nodejs12.x
stage: dev
region: us-east-1

# These environment variables are made available to our functions
# under process.env.
environment:
  tableName: ${self:custom.tableName}
  stripeSecretKey: ${env:STRIPE_SECRET_KEY}

iamRoleStatements:
  - Effect: Allow
    Action:
      - dynamodb:DescribeTable
      - dynamodb:Query
      - dynamodb:Scan
      - dynamodb:GetItem
      - dynamodb:PutItem
      - dynamodb:UpdateItem
      - dynamodb:DeleteItem
    # Restrict our IAM role permissions to

samgj18 · August 24, 2020, 12:13am

Thanks a lot Jayair, I got that a little later. Didn’t update the post. I’m still confused on how to do the same with postgresql though

jayair · September 7, 2020, 11:27pm

Are you trying to allow your Lambda functions to access your Postgres databases?

samgj18 · September 7, 2020, 11:43pm

Hi Jayair, thanks for your time. I already solved the problem. I was a little confused but took my time to read the docs and the tutorial and it now works like charm.

jayair · October 15, 2020, 6:32pm

Awesome! It would be great if you could share it for the rest of the community!

Topic		Replies	Views
Create a DynamoDB Table Chapter Comments	28	2846	August 24, 2021
Worked then didn't work - create note Chapter Comments	2	563	March 24, 2019
Create API adds to S3 bucket but not to dynamodb no logs or invocations are shown	3	456	May 3, 2020
Error: is not authorized to perform: dynamodb:Query :(	4	4528	August 24, 2020
Role based Access Control over API gateway/Lambda or DynamoDB AND S3	1	2367	July 3, 2018

How to implement aws_iam authorization with postgresql

Related Topics