我有以下 lambda 函数
const partiQl = "UPDATE '?' SET hits = hits + 1 WHERE path = \"'?'\" RETURNING ALL NEW *"
console.log(partiQl)
console.log(event.path)
console.log(process.env.HITS_TABLE_NAME)
const execStatementCommand = new ExecuteStatementCommand({
Statement: partiQl,
Parameters: [
{ "S": process.env.HITS_TABLE_NAME } ,
{ "S": event.path }
]
});
console.log(execStatementCommand)
并且路径值基本上是带有正斜杠“/”的 URL
我收到此错误但无法弄清楚原因:
2021-10-12T02:56:41.021Z 23d1ea78-48d2-4390-b100-2a3479697e4f ERROR Statement wasn't well formed, can't be processed: Expected identifier for simple path
测试运行的 event.path 值为/test
HITS_TABLE 是从 CDK 调用传递下来的。有任何想法吗?
更新
我已将 partiQL 语句更改为此,错误更改为不支持表名。
const partiQl = `UPDATE "?" SET hits = hits + 1 WHERE "path" = "?" RETURNING ALL NEW *`
这是新的错误:
ERROR
Table name should be within the length [3, 255]
and only contain 'a-z', 'A-Z', '0-9', '-', '_', '.'.
如果我直接在字符串中包含参数,它似乎修复了 PartiQl 问题:
const partiQl = `UPDATE "${process.env.HITS_TABLE_NAME}" SET hits = hits + 1 ` +
`WHERE "path" = "${event.path}" RETURNING ALL NEW *`
console.log(partiQl)
const execStatementCommand = new ExecuteStatementCommand({
Statement: partiQl
});
PartiQl 和 AWS SDK v3 没有很好的例子,有什么想法吗?
更新
使用第二种方法,我得到以下错误
User: arn:XXXX is not authorized to perform: dynamodb:PartiQLUpdate on resource: arn:YYYYY
即使我已使用此方法授予表的读写权限:
table.grantReadWriteData(this.handler);
我看过https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/ql-iam.html
我需要 lambda 拥有的权限列表是:
"dynamodb:PartiQLInsert",
"dynamodb:PartiQLUpdate",
"dynamodb:PartiQLDelete",
"dynamodb:PartiQLSelect"
我是否必须创建自定义 IAM 策略才能添加这些?抱歉,总的来说,我对 AWS 很陌生。
更新
添加以下策略规则后,出现以下错误:
this.handler.role?.addToPolicy(new iam.PolicyStatement({
effect: iam.Effect.ALLOW,
resources: [table.tableArn],
actions: [
'dynamodb:PartiQLUpdate',
'dynamodb:PartiQLSelect',
'dynamodb:PartiQLInsert',
'dynamodb:PartiQLDelete'
]
}));
这是以下错误:
ERROR Where clause does not contain a mandatory equality on all key attributes
我认为这是因为更新调用没有找到任何行。