Skip to content

fix(dynamodb): Table.grantWriteData() doesn't include enough KMS permissions#19102

Merged
mergify[bot] merged 2 commits intoaws:masterfrom
rangerthegood:fix-cmk-grantwritedata
Feb 24, 2022
Merged

fix(dynamodb): Table.grantWriteData() doesn't include enough KMS permissions#19102
mergify[bot] merged 2 commits intoaws:masterfrom
rangerthegood:fix-cmk-grantwritedata

Conversation

@rangerthegood
Copy link
Copy Markdown
Contributor

@rangerthegood rangerthegood commented Feb 23, 2022
edited by skinny85
Loading

This fix adds the additional KMS actions KEY_READ_ACTIONS during calls to grantWriteData. This is required when using Tables are using CMKs during write operations such as put_item and batch_write_item.

Fixes #10010

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link
Copy Markdown

gitpod-io bot commented Feb 23, 2022

@github-actions github-actions bot added the @aws-cdk/aws-dynamodb Related to Amazon DynamoDB label Feb 23, 2022
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Feb 23, 2022

Title does not follow the guidelines of Conventional Commits. Please adjust title before merge.

@rangerthegood rangerthegood changed the title fix(dynamodb) fix CMK grants when using grantWriteData fix(dynamodb) fix cmk grants when using grantWriteData Feb 23, 2022
@rangerthegood rangerthegood changed the title fix(dynamodb) fix cmk grants when using grantWriteData fix(dynamodb): fix cmk grants when using grantWriteData Feb 23, 2022
@skinny85 skinny85 changed the title fix(dynamodb): fix cmk grants when using grantWriteData fix(dynamodb): Table.grantWriteData() doesn't include enough KMS permissions Feb 24, 2022
skinny85
skinny85 approved these changes Feb 24, 2022
View reviewed changes
Copy link
Copy Markdown
Contributor

@skinny85 skinny85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution @rangerthegood!

@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Feb 24, 2022

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Copy Markdown
Collaborator

aws-cdk-automation commented Feb 24, 2022

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: 9d3bf22
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify mergify bot merged commit 77f1e0b into aws:master Feb 24, 2022
@mergify
Copy link
Copy Markdown
Contributor

mergify bot commented Feb 24, 2022

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@skinny85 skinny85 skinny85 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@skinny85 skinny85

Labels

@aws-cdk/aws-dynamodb Related to Amazon DynamoDB

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[dynamodb] .grantWriteData() does not grant correct permissions to use PutItem on a KMS CMK encrypted DynamoDB Table.

3 participants

@rangerthegood @aws-cdk-automation @skinny85