import{createClient}from"https://denopkg.com/chiefbiiko/dynamodb/mod.ts";// if config/credentials not passed they will be read from the env/fsconstdyno=createClient();// the client has all of DynamoDB's operations as camelCased async methodsconstresult=awaitdyno.listTables();
The client config can be omitted entirely when calling createClient. If that is the case the config will be derived from the environment and filesystem, in that order, using get-aws-config.
Prefer using temporary credentials and a session token.
Is it possible assume role rather than explicitly providing the credentials?
Context: When running on Kubernetes (EKS), we use a Kubernetes ServiceAccount. We don't even have these values: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN. Instead we have AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE. So for example, when using boto3, it automagically detects this and handles assuming the role.
in createHeaders. Note this is a short-lived token so likely this has to be looked up each time anyways (I don't think this can be cached)...
I can confirm this fix works for deno+dynamodb on aws lambda ๐ but perhaps there is a better way to do it from a style/testing point of view?
Aside: Without this fix the underlying request gives a "The security token included in the request is invalid." error, but you don't see that without modifying the dynamodb code just Error: http query request failed: 400 Bad Request, it'd be great to bubble up the json error message (which was googleable / suggested this solution).
Hi,
it can connect to separate dynamoDB, while when all the service and DynamoDB in one docker compose, then local seems not work,
maybe need to update some logic update fixed localhost when region is local?
Unfortunately I often see denopkg.com 504 somewhat frequently in ci.
I think it would make sense to move your deps to deno.land.
(It's a shame there isn't a clean way to same domain e.g. if you get dynamodb from denopkg then all it's dependencies are denopkg, and same for deno.land.)
Hi. first of all im not really good at deno, typescript and dynamodb. i just want to learn something new. so I manage to connect and put an item to my table. but I wonder how will I do it with conditional expression. I look on the docs and test file but I cant find any example on how to do it using this package.
It would be great if anyone can help and show me how can I updateItem or putItem with conditional express with its values.
It looks like since Deno 1.5, there was a breaking change which is causing an issue. I'm running Deno 1.17.2 and seeing this error:
error: TS1205 [ERROR]: Re-exporting a type when the '--isolatedModules' flag is provided requires using 'export type'.
export { Doc } from "./util.ts";
~~~
at https://denopkg.com/chiefbiiko/[email protected]/mod.ts:5:10
TS1205 [ERROR]: Re-exporting a type when the '--isolatedModules' flag is provided requires using 'export type'.
export { HeadersConfig, createHeaders } from "./create_headers.ts";
~~~~~~~~~~~~~
at https://denopkg.com/chiefbiiko/[email protected]/client/mod.ts:4:10
Found 2 errors.
I found some solutions saying to create a tsconfig.json like this:
Right now I have access keys setup in a standard (default) profile in my ~/.aws/config and ~/.aws/credentials files. When I use the get-aws-config dependency directly I can see it properly retrieving all my credential information correctly. However, when trying to .createClient I get this error:
error: Uncaught Error: unable to derive aws config
Looking through the current code it looks like the derive_config.ts is expecting access key and secret to sit on a "credentials" field, where 'got' currently returns those directly on the return object.
currently, sessionToken is updateable as the module calls conf.sessionToken anytime it sets it in a request. Nonetheless, key id and access key are still static and not updateable during runtime. Using temporary credentials in a long running process is thus not really possible at the moment..
A fix could fx put a credentials getter on client config: