I can't allow my lambda to access a dynamodb relationship table with CLI commands. #14063

domov44 opened this issue Jan 8, 2025 · 1 comment
Labels
pending-triage Issue is pending triage transferred This issue was transferred from another Amplify project

domov44 commented Jan 8, 2025

Before opening, please confirm:

JavaScript Framework

React

Amplify APIs

GraphQL API

Amplify Version

v6

Amplify Categories

storage, function

Backend

Amplify CLI

Environment information

System:
    OS: Windows 11 10.0.22631
    CPU: (8) x64 Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz
    Memory: 363.64 MB / 7.84 GB
  Binaries:
    Node: 20.10.0 - D:\nodejs\node.EXE
    npm: 10.8.1 - D:\nodejs\npm.CMD
  Browsers:
    Edge: Chromium (127.0.2651.74)
    Internet Explorer: 11.0.22621.3527
  npmPackages:
    @aws-amplify/storage: ^6.0.20 => 6.7.1
    @aws-amplify/storage/internals:  undefined ()
    @aws-amplify/storage/s3:  undefined ()
    @aws-amplify/storage/s3/server:  undefined ()
    @aws-amplify/storage/server:  undefined ()
    @aws-amplify/ui-react: ^6.1.6 => 6.1.6
    @aws-amplify/ui-react-internal:  undefined ()
    @babel/plugin-proposal-private-property-in-object: ^7.21.11 => 7.21.11 (7.21.0-placeholder-for-preset-env.2)
    @cypress/angular:  0.0.0-development
    @cypress/angular-signals:  0.0.0-development
    @cypress/mount-utils:  0.0.0-development
    @cypress/react:  0.0.0-development
    @cypress/react18:  0.0.0-development
    @cypress/svelte:  0.0.0-development
    @cypress/vue:  0.0.0-development
    @cypress/vue2:  0.0.0-development
    @testing-library/jest-dom: ^5.17.0 => 5.17.0
    @testing-library/react: ^13.4.0 => 13.4.0
    @testing-library/user-event: ^13.5.0 => 13.5.0
    aws-amplify: ^6.10.0 => 6.10.0
    aws-amplify/adapter-core:  undefined ()
    aws-amplify/analytics:  undefined ()
    aws-amplify/analytics/kinesis:  undefined ()
    aws-amplify/analytics/kinesis-firehose:  undefined ()
    aws-amplify/analytics/personalize:  undefined ()
    aws-amplify/analytics/pinpoint:  undefined ()
    aws-amplify/api:  undefined ()
    aws-amplify/api/server:  undefined ()
    aws-amplify/auth:  undefined ()
    aws-amplify/auth/cognito:  undefined ()
    aws-amplify/auth/cognito/server:  undefined ()
    aws-amplify/auth/enable-oauth-listener:  undefined ()
    aws-amplify/auth/server:  undefined ()
    aws-amplify/data:  undefined ()
    aws-amplify/data/server:  undefined ()
    aws-amplify/datastore:  undefined ()
    aws-amplify/in-app-messaging:  undefined ()
    aws-amplify/in-app-messaging/pinpoint:  undefined ()
    aws-amplify/push-notifications:  undefined ()
    aws-amplify/push-notifications/pinpoint:  undefined ()
    aws-amplify/storage:  undefined ()
    aws-amplify/storage/s3:  undefined ()
    aws-amplify/storage/s3/server:  undefined ()
    aws-amplify/storage/server:  undefined ()
    aws-amplify/utils:  undefined ()
    aws-sdk: ^2.1692.0 => 2.1692.0
    babel-plugin-styled-components: ^2.1.4 => 2.1.4
    chance: ^1.1.11 => 1.1.11
    cypress: ^13.14.2 => 13.14.2
    dotenv: ^16.4.5 => 16.4.5 (10.0.0)
    file-saver: ^2.0.5 => 2.0.5
    gsap: ^3.12.5 => 3.12.5
    jspdf: ^2.5.2 => 2.5.2
    jspdf-autotable: ^3.8.3 => 3.8.3
    lottie-react: ^2.4.0 => 2.4.0
    react: ^18.3.1 => 18.3.1
    react-content-loader: ^6.2.1 => 6.2.1
    react-content-loader/native:  undefined ()
    react-dom: ^18.3.1 => 18.3.1
    react-icons: ^5.3.0 => 5.3.0
    react-router-dom: ^7.0.1 => 7.0.1
    react-scripts: ^5.0.1 => 5.0.1
    react-toastify: ^10.0.6 => 10.0.6
    styled-components: ^6.1.13 => 6.1.13
    styled-components/native:  undefined ()
    web-vitals: ^4.2.4 => 4.2.4
    xlsx: ^0.18.5 => 0.18.5
  npmGlobalPackages:
    @aws-amplify/cli: 12.12.1
    @nestjs/cli: 10.4.5
    @vue/cli: 5.0.8
    eas-cli: 9.1.0
    expo-cli: 6.3.10
    firebase-tools: 13.1.0
    npm: 10.8.1
    sequelize-cli: 6.6.2


Describe the bug

I need to query a relationship table from a lambda, but I'm not authorized to access it and I cannot do it with a CLI command because I cannot choose the relationship table.

Expected behavior

When we create a lambda via the cli, we're offered to choose authorization rules, including storage, but the list of tables doesn't include relations. I'd like to be able to authorize those too.

Reproduction steps

  1. Install a basic configuration of React and Amplify.
  2. Create a GraphQL API with 2 models like "Organisation" and "Profile", and add a many-to-many relation between them with the "OrganisationProfile" relation name.
  3. Create a REST API, and use Express; configure your function authorization and see that you cannot choose to access the "OrganisationProfile" table, but only the Organisation and Profile tables.
  4. Configure a REST API path where you want to query the "OrganisationProfile", and call it from your frontend (for the "OrganisationProfile" table env name, use the Profile table name and a .replace()).
  5. And see that you cannot access this data, with a 500 error.

Code Snippet

/* Amplify Params - DO NOT EDIT
    API_APP_CLIENTSTABLE_ARN
    API_APP_CLIENTSTABLE_NAME
    API_APP_GRAPHQLAPIENDPOINTOUTPUT
    API_APP_GRAPHQLAPIIDOUTPUT
    API_APP_GRAPHQLAPIKEYOUTPUT
    API_APP_PROFILETABLE_ARN
    API_APP_PROFILETABLE_NAME
    AUTH_APPA549703A_USERPOOLID
    ENV
    REGION
Amplify Params - DO NOT EDIT */

const { DynamoDBClient } = require('@aws-sdk/client-dynamodb');
const { DynamoDBDocumentClient, ScanCommand } = require('@aws-sdk/lib-dynamodb');

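const region = process.env.REGION;
// The relationship table has no environment variable of its own, so its name is
// derived from the Clients table name. Note that replace() returns the input
// unchanged if "Clients-" is not found.
const clientProfilesTableName = process.env.API_APP_CLIENTSTABLE_NAME.replace("Clients-", "ClientProfiles-");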

const dynamoDbClient = new DynamoDBClient({ region });
const dynamoDbDocumentClient = DynamoDBDocumentClient.from(dynamoDbClient);

exports.index = async (req, res) => {
    try {
        const { email, sub } = req.user;

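        console.log(`Fetching client profiles for user: ${email} (${sub})`);
        console.log(clientProfilesTableName);

        // Scan applies Limit before FilterExpression: at most 50 items are read
        // and then filtered, so fewer matches than exist may come back.
        const clientProfiles = await dynamoDbDocumentClient.send(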
            new ScanCommand({
                ExpressionAttributeNames: { "#n0": "profileId" },
                ExpressionAttributeValues: { ":v0": sub },
                FilterExpression: "#n0 = :v0",
                Limit: 50,
                ReturnConsumedCapacity: "TOTAL",
                Select: "ALL_ATTRIBUTES",
                TableName: clientProfilesTableName,
            })
        );

        res.json({ success: 'Get call succeed!', data: clientProfiles.Items });
    } catch (error) {
        console.error('Error fetching client profiles:', error);
        res.status(500).json({ message: 'An error occurred', error: error.message });
    }
};

Log output

// Put your logs below this line


aws-exports.js

/* eslint-disable */
// WARNING: DO NOT EDIT. This file is automatically generated by AWS Amplify. It will be overwritten.

const awsmobile = {
    "aws_project_region": "eu-west-3",
    "aws_appsync_graphqlEndpoint": "https://ekkky5bbane5lpvs362gfvgqe4.appsync-api.eu-west-3.amazonaws.com/graphql",
    "aws_appsync_region": "eu-west-3",
    "aws_appsync_authenticationType": "AMAZON_COGNITO_USER_POOLS",
    "aws_appsync_apiKey": "da2-khsq3zhm5ffy7ivg6bnzvid56q",
    "aws_cloud_logic_custom": [
        {
            "name": "usersApi",
            "endpoint": "https://txdr0exeah.execute-api.eu-west-3.amazonaws.com/ronantest",
            "region": "eu-west-3"
        },
        {
            "name": "clientsApi",
            "endpoint": "https://6c75gtcvsc.execute-api.eu-west-3.amazonaws.com/ronantest",
            "region": "eu-west-3"
        }
    ],
    "aws_cognito_identity_pool_id": "eu-west-3:71708c4b-1cac-4d31-b0aa-258f3041dca6",
    "aws_cognito_region": "eu-west-3",
    "aws_user_pools_id": "eu-west-3_uuTsYdbxJ",
    "aws_user_pools_web_client_id": "1ebss3iojbp20r8eienn1agh78",
    "oauth": {},
    "aws_cognito_username_attributes": [
        "EMAIL"
    ],
    "aws_cognito_social_providers": [],
    "aws_cognito_signup_attributes": [
        "EMAIL"
    ],
    "aws_cognito_mfa_configuration": "OFF",
    "aws_cognito_mfa_types": [
        "SMS"
    ],
    "aws_cognito_password_protection_settings": {
        "passwordPolicyMinLength": 8,
        "passwordPolicyCharacters": []
    },
    "aws_cognito_verification_mechanisms": [
        "EMAIL"
    ],
    "aws_user_files_s3_bucket": "appfiles65dc2-ronantest",
    "aws_user_files_s3_bucket_region": "eu-west-3"
};


export default awsmobile;

Manual configuration

No response

Additional configuration

No response

Mobile Device

No response

Mobile Operating System

No response

Mobile Browser

No response

Mobile Browser Version

No response

Additional information and screenshots

No response
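
The `.replace()` derivation in the snippet above returns its input unchanged when the prefix is missing, so a wrong prefix silently targets the base table. As an added example (not part of the original issue or of Amplify's code), the following derives the relationship table's ARN from a known table ARN, fails closed on a mismatch, and builds a read-only IAM statement scoped to that table; the function names, the sample ARN and the `<Model>-<apiId>-<env>` naming are assumptions.

```javascript
'use strict';
// Added example; all function and parameter names here are hypothetical.

// Assumption: generated table names look like "<Model>-<apiId>-<env>", which is
// what the issue's .replace("Clients-", "ClientProfiles-") relies on.
function deriveJoinTableArn(baseTableArn, baseModel, joinModel) {
  const m = /^(arn:aws[a-z-]*:dynamodb:[a-z0-9-]+:\d{12}:table\/)([A-Za-z0-9_.-]+)$/
    .exec(baseTableArn || '');
  if (!m) throw new Error('not a DynamoDB table ARN');
  const [, prefix, tableName] = m;
  const marker = `${baseModel}-`;
  // String.replace() would hand back the base table name untouched here.
  // Throw instead, so the function never reads the wrong table by accident.
  if (!tableName.startsWith(marker)) {
    throw new Error(`table "${tableName}" does not start with "${marker}"`);
  }
  return `${prefix}${joinModel}-${tableName.slice(marker.length)}`;
}

// Read-only statement limited to the relationship table and its indexes.
function joinTableReadStatement(baseTableArn, baseModel, joinModel) {
  const arn = deriveJoinTableArn(baseTableArn, baseModel, joinModel);
  return {
    Effect: 'Allow',
    Action: ['dynamodb:GetItem', 'dynamodb:Query', 'dynamodb:Scan'],
    Resource: [arn, `${arn}/index/*`],
  };
}

// Constructed sample ARN (placeholder account id and API id).
const SAMPLE_ARN =
  'arn:aws:dynamodb:eu-west-3:123456789012:table/Clients-exampleapiid-dev';

console.log(JSON.stringify(
  joinTableReadStatement(SAMPLE_ARN, 'Clients', 'ClientProfiles'), null, 2));
```

The statement grants no write actions and names a single table, so the function's role gains access to the relationship table without a wildcard over every table in the account.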

@github-actions github-actions bot added the pending-triage Issue is pending triage label Jan 8, 2025
@cwomack cwomack assigned cwomack and unassigned cwomack Jan 8, 2025
Member

cwomack commented Jan 8, 2025

@domov44, I'll transfer this to our amplify-cli repo to get you better assistance.

@cwomack cwomack transferred this issue from aws-amplify/amplify-js Jan 8, 2025
@cwomack cwomack added the transferred This issue was transferred from another Amplify project label Jan 8, 2025