如何让我的 dynamodb lambda function 检查用户身份?
[英]How can I get my dynamodb lambda function to check the user's identity?
问题描述
I've set up a dynamodb lambda trigger using this documentation .
我使用此文档设置了一个 dynamodb lambda 触发器。 The function successfully triggers when the dynamodb table is updated, and I can view the output just fine. function在更新dynamodb表时成功触发,我可以正常查看output。
I want to find the identity of the user that updated the dynamodb table but this info doesn't seem to be included in the event.我想找到更新 dynamodb 表的用户的身份,但此信息似乎未包含在事件中。 How can I accomplish this?我怎样才能做到这一点?
The event looks like this:事件看起来像这样:
{
"Records": [
{
"eventID": "1725dad5b286b22b02cffc28e5006437",
"eventName": "INSERT",
"eventVersion": "1.1",
"eventSource": "aws:dynamodb",
"awsRegion": "us-west-2",
"dynamodb": {
"ApproximateCreationDateTime": 1607759729,
"Keys": {
"receiver": {
"S": "c2217b13-12e8-42a4-a1ab-627f764493c9"
},
"sender": {
"S": "6fad5bc8-a389-4d73-b171-e709d5d8bdd8"
}
},
"NewImage": {
"createdAt": {
"S": "2020-12-12T07:55:29.105Z"
},
"receiver": {
"S": "c2217b13-12e8-42a4-a1ab-627f764493c9"
},
"sender": {
"S": "6fad5bc8-a389-4d73-b171-e709d5d8bdd8"
},
"__typename": {
"S": "FriendRequest"
},
"updatedAt": {
"S": "2020-12-12T07:55:29.105Z"
}
},
"SequenceNumber": "4092400000000003379896405",
"SizeBytes": 261,
"StreamViewType": "NEW_AND_OLD_IMAGES"
},
"eventSourceARN": "arn:aws:dynamodb:us-west-2:213277979580:table/FriendRequest-rmzuppsajfhzlfgjehczargowa-apisecure/stream/2020-12-11T07:48:02.462"
}
]
} }
2 个解决方案
解决方案1
0 已采纳 2020-12-12 10:09:16
DynamoDB does not provide the ID of the user that did write the record. DynamoDB 不提供写入记录的用户的 ID。 The only way you can achieve this is to have the user id be part of the DynamoDB item in the first place.实现此目的的唯一方法是首先让用户 ID 成为 DynamoDB 项目的一部分。 But that means your application needs to identify the user and write that attribute.但这意味着您的应用程序需要识别用户并写入该属性。
But this obviously will not work, if the item is inserted using the AWS Console.但这显然不起作用,如果使用 AWS 控制台插入项目。 In that case your user would need to insert his own ID (or the ID of another user) by hand.在这种情况下,您的用户需要手动插入他自己的 ID(或其他用户的 ID)。
解决方案2
0 2022-12-01 15:42:17
We have a similar scenario in which we would like to track who (user) or what (service) made the last update to a record.我们有一个类似的场景,我们希望跟踪谁(用户)或什么(服务)对记录进行了最后更新。 first our arch looks like:首先我们的拱门看起来像:
User/Service changes -> API Lambda -> DynamoDB Stream -> Lambda (normalizes stream data) -> Service Event SNS Topic
All services or functions that care about changes are attached to the SNS topic NOT the stream.所有关心更改的服务或功能都附加到 SNS 主题,而不是 stream。
This works fine with insert/update, we have a internal use field in which we keep this data, it is not returned via the CRUD API's.这适用于插入/更新,我们有一个内部使用字段,我们在其中保存这些数据,它不会通过 CRUD API 返回。 something like: updated_by: app:service:region:user/1类似于: updated_by: app:service:region:user/1
When we get the record we know that this item was updated by user with id 1. so when we create the sns topic, we add a message attribute with this value.当我们得到记录时,我们知道这个项目是由 ID 为 1 的用户更新的。所以当我们创建 sns 主题时,我们添加一个具有这个值的消息属性。
Deletion is a bit more tricky since you can't really update and delete an item at the exact same time.删除有点棘手,因为您不能真正同时更新和删除项目。 how we do this currently is to generate a delete event manually on deletion so instead of relying on the stream, we async the lambda function and pass along the user/service data.我们目前如何做到这一点是在删除时手动生成一个删除事件,而不是依赖 stream,我们异步 lambda function 并传递用户/服务数据。
User/Service changes -> API Lambda -> Lambda (normalizes stream data) -> Service Event SNS Topic
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.