Merge pull request serverless#64 from tmilewski/patch-1

nikgraf · web-flow · commit f632dcdb40b4 · 2017-01-30T15:49:01.000+01:00
Lock down permissions to a specific table
diff --git a/aws-node-rest-api-with-dynamodb/serverless.yml b/aws-node-rest-api-with-dynamodb/serverless.yml
@@ -5,17 +5,18 @@ frameworkVersion: ">=1.1.0 <2.0.0"
 provider:
   name: aws
   runtime: nodejs4.3
+  environment:
+    DYNAMODB_TABLE: ${self:service}-${opt:stage, self:provider.stage}
   iamRoleStatements:
     - Effect: Allow
       Action:
-        - dynamodb:DescribeTable
         - dynamodb:Query
         - dynamodb:Scan
         - dynamodb:GetItem
         - dynamodb:PutItem
         - dynamodb:UpdateItem
         - dynamodb:DeleteItem
-      Resource: "arn:aws:dynamodb:us-east-1:*:*"
+      Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/${env:DYNAMODB_TABLE}"
 
 functions:
   create:
@@ -75,4 +76,4 @@ resources:
         ProvisionedThroughput:
           ReadCapacityUnits: 1
           WriteCapacityUnits: 1
-        TableName: 'todos'
+        TableName: ${env:DYNAMODB_TABLE}
diff --git a/aws-node-rest-api-with-dynamodb/todos/create.js b/aws-node-rest-api-with-dynamodb/todos/create.js
@@ -15,7 +15,7 @@ module.exports.create = (event, context, callback) => {
   }
 
   const params = {
-    TableName: 'todos',
+    TableName: process.env.DYNAMODB_TABLE,
     Item: {
       id: uuid.v1(),
       text: data.text,
diff --git a/aws-node-rest-api-with-dynamodb/todos/delete.js b/aws-node-rest-api-with-dynamodb/todos/delete.js
@@ -6,7 +6,7 @@ const dynamoDb = new AWS.DynamoDB.DocumentClient();
 
 module.exports.delete = (event, context, callback) => {
   const params = {
-    TableName: 'todos',
+    TableName: process.env.DYNAMODB_TABLE,
     Key: {
       id: event.pathParameters.id,
     },
diff --git a/aws-node-rest-api-with-dynamodb/todos/get.js b/aws-node-rest-api-with-dynamodb/todos/get.js
@@ -6,7 +6,7 @@ const dynamoDb = new AWS.DynamoDB.DocumentClient();
 
 module.exports.get = (event, context, callback) => {
   const params = {
-    TableName: 'todos',
+    TableName: process.env.DYNAMODB_TABLE,
     Key: {
       id: event.pathParameters.id,
     },
diff --git a/aws-node-rest-api-with-dynamodb/todos/list.js b/aws-node-rest-api-with-dynamodb/todos/list.js
@@ -4,7 +4,7 @@ const AWS = require('aws-sdk');
 
 const dynamoDb = new AWS.DynamoDB.DocumentClient();
 const params = {
-  TableName: 'todos',
+  TableName: process.env.DYNAMODB_TABLE,
 };
 
 module.exports.list = (event, context, callback) => {
diff --git a/aws-node-rest-api-with-dynamodb/todos/update.js b/aws-node-rest-api-with-dynamodb/todos/update.js
@@ -16,7 +16,7 @@ module.exports.update = (event, context, callback) => {
   }
 
   const params = {
-    TableName: 'todos',
+    TableName: process.env.DYNAMODB_TABLE,
     Key: {
       id: event.pathParameters.id,
     },

Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,7 @@ module.exports.create = (event, context, callback) => {`
`15`	`15`	`}`
`16`	`16`
`17`	`17`	`const params = {`
`18`		`- TableName: 'todos',`
	`18`	`+ TableName: process.env.DYNAMODB_TABLE,`
`19`	`19`	`Item: {`
`20`	`20`	`id: uuid.v1(),`
`21`	`21`	`text: data.text,`
Original file line number	Diff line number	Diff line change
`@@ -16,7 +16,7 @@ module.exports.update = (event, context, callback) => {`
`16`	`16`	`}`
`17`	`17`
`18`	`18`	`const params = {`
`19`		`- TableName: 'todos',`
	`19`	`+ TableName: process.env.DYNAMODB_TABLE,`
`20`	`20`	`Key: {`
`21`	`21`	`id: event.pathParameters.id,`
`22`	`22`	`},`