From 2ba98d8340dcac4b43c49a39bf0b600ca10f730d Mon Sep 17 00:00:00 2001
From: Jungseok Lee
Date: Tue, 11 Sep 2018 00:29:35 -0700
Subject: [PATCH] feat(aws-dynamodb): Support server-side encryption (#684)

This patch supports DynamoDB server-side encryption.
---
 packages/@aws-cdk/aws-dynamodb/lib/table.ts | 17 +++++---
 .../test/integ.dynamodb.expected.json | 24 ++++++-----
 .../aws-dynamodb/test/integ.dynamodb.ts | 7 +++-
 .../aws-dynamodb/test/test.dynamodb.ts | 40 +++++++++++++++++--
 4 files changed, 68 insertions(+), 20 deletions(-)

diff --git a/packages/@aws-cdk/aws-dynamodb/lib/table.ts b/packages/@aws-cdk/aws-dynamodb/lib/table.ts
index 89f4fbcf2e7e2..01624e7d29358 100644
--- a/packages/@aws-cdk/aws-dynamodb/lib/table.ts
+++ b/packages/@aws-cdk/aws-dynamodb/lib/table.ts
@@ -26,22 +26,28 @@ export interface TableProps {
 */
 tableName?: string;
+ /**
+ * Whether server-side encryption is enabled.
+ * @default undefined, server-side encryption is disabled
+ */
+ sseEnabled?: boolean;
+
 /**
 * When an item in the table is modified, StreamViewType determines what information
 * is written to the stream for this table. Valid values for StreamViewType are:
- * @default undefined, streams are disbaled
+ * @default undefined, streams are disabled
 */
 streamSpecification?: StreamViewType;
 /**
- * AutoScalingProps configuration to configure Read AutoScaling for the DyanmoDB table.
+ * AutoScalingProps configuration to configure Read AutoScaling for the DynamoDB table.
 * This field is optional and this can be achieved via addReadAutoScaling.
 * @default undefined, read auto scaling is disabled
 */
 readAutoScaling?: AutoScalingProps;
 /**
- * AutoScalingProps configuration to configure Write AutoScaling for the DyanmoDB table.
+ * AutoScalingProps configuration to configure Write AutoScaling for the DynamoDB table.
 * This field is optional and this can be achieved via addWriteAutoScaling.
 * @default undefined, write auto scaling is disabled
 */
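Review bot: The doc comment added for `sseEnabled` in `TableProps` says only that encryption is off by default; it does not say what the flag turns into or what an unset value produces. The constructor hunk and the expected template show it is passed through as `SSESpecification.SSEEnabled`, and that the whole `SSESpecification` block is omitted when the flag is not set, so the comment could read `* Whether server-side encryption (encryption at rest) is enabled. Emitted as SSESpecification.SSEEnabled; when unset, no SSESpecification is written to the template.` Since this is an opt-in security control, stating the omitted-block behaviour helps anyone auditing synthesized templates. The `TableProps` interface starts and ends outside this hunk.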
@@ -111,7 +117,8 @@ export class Table extends Construct {
 keySchema: this.keySchema,
 attributeDefinitions: this.attributeDefinitions,
 provisionedThroughput: { readCapacityUnits, writeCapacityUnits },
- streamSpecification: props.streamSpecification ? {streamViewType: props.streamSpecification} : undefined
+ sseSpecification: props.sseEnabled ? { sseEnabled: props.sseEnabled } : undefined,
+ streamSpecification: props.streamSpecification ? { streamViewType: props.streamSpecification } : undefined
 });
 if (props.tableName) { this.addMetadata('aws:cdk:hasPhysicalName', props.tableName); }
@@ -293,4 +300,4 @@ export enum StreamViewType {
 NewAndOldImages = 'NEW_AND_OLD_IMAGES',
 /** Only the key attributes of the modified item are written to the stream. */
 KeysOnly = 'KEYS_ONLY'
- }
+}
diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json
index 2462bcbcc627d..5d4645a81aac3 100644
--- a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json
+++ b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.expected.json
@@ -3,29 +3,35 @@
 "TableCD117FA1": {
 "Type": "AWS::DynamoDB::Table",
 "Properties": {
- "AttributeDefinitions": [
+ "KeySchema": [
 {
 "AttributeName": "hashKey",
- "AttributeType": "S"
+ "KeyType": "HASH"
 },
 {
 "AttributeName": "rangeKey",
- "AttributeType": "N"
+ "KeyType": "RANGE"
 }
 ],
- "KeySchema": [
+ "ProvisionedThroughput": {
+ "ReadCapacityUnits": 5,
+ "WriteCapacityUnits": 5
+ },
+ "AttributeDefinitions": [
 {
 "AttributeName": "hashKey",
- "KeyType": "HASH"
+ "AttributeType": "S"
 },
 {
 "AttributeName": "rangeKey",
- "KeyType": "RANGE"
+ "AttributeType": "N"
 }
 ],
- "ProvisionedThroughput": {
- "ReadCapacityUnits": 5,
- "WriteCapacityUnits": 5
+ "SSESpecification": {
+ "SSEEnabled": true
+ },
+ "StreamSpecification": {
+ "StreamViewType": "KEYS_ONLY"
 }
 }
 }
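Review bot: An explicit `sseEnabled: false` is discarded by the truthiness test on the new `sseSpecification` line in the `Table` constructor (lib/table.ts), so the synthesized template is identical to one where the property was never set. That hides a deliberate choice from template review and leaves the table's encryption state to whatever the service does when `SSESpecification` is absent. Testing for presence instead keeps the caller's value: `sseSpecification: props.sseEnabled !== undefined ? { sseEnabled: props.sseEnabled } : undefined,`. The constructor starts and ends outside this hunk.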
diff --git a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.ts b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.ts
index 3ed7225464f64..574a64773a08a 100644
--- a/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.ts
+++ b/packages/@aws-cdk/aws-dynamodb/test/integ.dynamodb.ts
@@ -1,11 +1,14 @@
 import { App, Stack } from '@aws-cdk/cdk';
-import { KeyAttributeType, Table } from '../lib';
+import { KeyAttributeType, StreamViewType, Table } from '../lib';
 const app = new App(process.argv);
 const stack = new Stack(app, 'aws-cdk-dynamodb');
-const table = new Table(stack, 'Table');
+const table = new Table(stack, 'Table', {
+ sseEnabled: true,
+ streamSpecification: StreamViewType.KeysOnly
+});
 table.addPartitionKey('hashKey', KeyAttributeType.String);
 table.addSortKey('rangeKey', KeyAttributeType.Number);
diff --git a/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts b/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts
index 7a6eaa2dd8ac2..8dee188a8e2c4 100644
--- a/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts
+++ b/packages/@aws-cdk/aws-dynamodb/test/test.dynamodb.ts
@@ -12,7 +12,7 @@ export = {
 test.done();
 },
- 'range key only'(test: Test) {
+ 'hash key only'(test: Test) {
 const app = new TestApp();
 new Table(app.stack, 'MyTable').addPartitionKey('hashKey', KeyAttributeType.Binary);
 const template = app.synthesizeTemplate();
@@ -33,7 +33,7 @@ export = {
 test.done();
 },
- 'range + hash key'(test: Test) {
+ 'hash + range key'(test: Test) {
 const app = new TestApp();
 new Table(app.stack, 'MyTable').addPartitionKey('hashKey', KeyAttributeType.Binary)
 .addSortKey('sortKey', KeyAttributeType.Number);
@@ -60,7 +60,35 @@ export = {
 test.done();
 },
- 'stream is not enabled by default'(test: Test) {
+ 'server-side encryption is not enabled'(test: Test) {
+ const app = new TestApp();
+ new Table(app.stack, 'MyTable')
+ .addPartitionKey('partitionKey', KeyAttributeType.Binary)
+ .addSortKey('sortKey', KeyAttributeType.Number);
+ const template = app.synthesizeTemplate();
+
+ test.deepEqual(template, {
+ Resources: {
+ MyTable794EDED1: {
+ Type: 'AWS::DynamoDB::Table',
+ Properties: {
+ AttributeDefinitions: [
+ { AttributeName: 'partitionKey', AttributeType: 'B' },
+ { AttributeName: 'sortKey', AttributeType: 'N' }
+ ],
+ KeySchema: [
+ { AttributeName: 'partitionKey', KeyType: 'HASH' },
+ { AttributeName: 'sortKey', KeyType: 'RANGE' }
+ ],
+ ProvisionedThroughput: { ReadCapacityUnits: 5, WriteCapacityUnits: 5 },
+ }
+ }
+ }
+ });
+
+ test.done();
+ },
+ 'stream is not enabled'(test: Test) {
 const app = new TestApp();
 new Table(app.stack, 'MyTable')
 .addPartitionKey('partitionKey', KeyAttributeType.Binary)
@@ -200,7 +228,9 @@ export = {
 const table = new Table(app.stack, 'MyTable', {
 tableName: 'MyTable',
 readCapacity: 42,
- writeCapacity: 1337
+ writeCapacity: 1337,
+ sseEnabled: true,
+ streamSpecification: StreamViewType.KeysOnly
 });
 table.addPartitionKey('partitionKey', KeyAttributeType.String);
 table.addSortKey('sortKey', KeyAttributeType.Binary);
@@ -223,6 +253,8 @@ export = {
 ReadCapacityUnits: 42,
 WriteCapacityUnits: 1337
 },
+ SSESpecification: { SSEEnabled: true },
+ StreamSpecification: { StreamViewType: 'KEYS_ONLY' },
 TableName: 'MyTable',
 }
 }
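Review bot: The added 'server-side encryption is not enabled' test covers only the case where the property is left unset, and nothing in these hunks pins what `sseEnabled: false` synthesizes to. The enabled case is asserted only inside the every-property test in the later hunks, alongside capacity, stream and table-name settings, so an encryption regression could be masked by an unrelated change to that expectation. A dedicated test that sets `sseEnabled: true` alone, plus a matching one for `false`, would isolate the control; a sketch of the first follows. The new test also runs straight into `'stream is not enabled'` without the blank line a neighbouring case would normally get, and that test's body continues outside the hunk.

```typescript
  'server-side encryption is enabled'(test: Test) {
    const app = new TestApp();
    new Table(app.stack, 'MyTable', { sseEnabled: true })
      .addPartitionKey('partitionKey', KeyAttributeType.Binary);
    const template = app.synthesizeTemplate();

    // Assert only the encryption block so unrelated properties cannot mask a regression.
    test.deepEqual(template.Resources.MyTable794EDED1.Properties.SSESpecification, { SSEEnabled: true });

    test.done();
  },

  // … unchanged: 'stream is not enabled' test …
```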