How can I access an AWS DynamoDB as a guest user?

1
votes

I am using aws-amplify and aws-sdk in Angular JS/Typescript. I can successfully access my AWS DynamoDB as an authenticated user.

I am also trying to add guest user access for a certain table in Dynamo, but I am struggling to understand how I would get a reference to the DynamoDB without any credentials.

My code looks like this at the moment 

   getDocumentClient() {
    return Auth.currentCredentials()
     .then(credentials => new AWS.DynamoDB.DocumentClient({ credentials: credentials }))
     .catch(err => logger.debug('error getting document client', err));

How would I do something similar to get access to the DynamoDB as an unauthenticated guest user?

Cheers

Lee

2
amazon-web-servicesamazon-dynamodbaws-amplify

2 Answers

1
votes

Try makeUnauthenticatedRequest.

Here's an example with S3 - I've shown this because I know you can make requests to S3 from the AWS SDK as an unauthenticated user. I'm assuming that this will also work for DynamoDB but have not tested it.

var s3 = new AWS.S3();

var params = {
    Bucket: 'mybucket'
};

s3.makeUnauthenticatedRequest('listObjects', params, callback);

The more strategic approach would be Amazon Cognito Identity Pools which support unauthenticated/guest identities. Cognito vends an identity and AWS credentials, and you can configure an IAM role allowing DynamoDB read access for unauthenticated identity types.

0
votes

I think you can refer to what is mentioned in the blog post below.

https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/

The basic idea is to use API Gateway as a proxy for DynamoDB API. Permission to access DynamoDB is granted to API Gateway via execution role, and API Gateway is configured to open to public. In doing so, the flow will be as follows:

Web Browser <----- HTTPS -----> API Gateway <----- AWS Service Proxy integration -----> DynamoDB