amazon-qldb-kvs-nodejs
A helper module, simplifying basic interactions with Amazon Quantum Ledger Database for Node.js through a simple key-value store interface.
# Setting up tests on GitHub Actions
1. Create a QLDB ledger named `vehicle-registration` with default encryption (AWS owned key) in the `us-east-1` region.
2. Deploy this CloudFormation stack in your account in the `us-east-1` region. Note down the IAM Role ARN from the stack's `Role` output.
```yaml
Parameters:
  GitHubOrg:
    Type: String
    Default: "aws-samples"
  RepositoryName:
    Type: String
    Default: "amazon-qldb-kvs-nodejs"
  QLDBLedgerName:
    Type: String
    Default: "vehicle-registration"
  OIDCProviderArn:
    Description: Arn for the GitHub OIDC Provider.
    Default: ""
    Type: String
Conditions:
  # Create the OIDC provider only when no existing provider ARN is supplied.
  CreateOIDCProvider: !Equals
    - !Ref OIDCProviderArn
    - ""
Resources:
  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Statement:
          - Effect: Allow
            Action: sts:AssumeRoleWithWebIdentity
            Principal:
              Federated: !If
                - CreateOIDCProvider
                - !Ref GithubOidc
                - !Ref OIDCProviderArn
            Condition:
              # Only tokens issued for workflows of this repository may assume the role.
              StringLike:
                token.actions.githubusercontent.com:sub: !Sub repo:${GitHubOrg}/${RepositoryName}:*
  Policy:
    DependsOn:
      - Role
    Type: AWS::IAM::Policy
    Properties:
      PolicyName: qldb-access
      Roles:
        - Ref: Role
      PolicyDocument:
        Version: '2012-10-17'
        Statement:
          # Ledger-level actions, scoped to the single test ledger.
          - Effect: Allow
            Action:
              - qldb:GetBlock
              - qldb:ListLedgers
              - qldb:GetRevision
              - qldb:DescribeLedger
              - qldb:SendCommand
              - qldb:GetDigest
            Resource:
              - Fn::Join:
                  - ''
                  - - 'arn:aws:qldb:'
                    - Ref: AWS::Region
                    - ":"
                    - Ref: AWS::AccountId
                    - ":ledger/"
                    - Ref: QLDBLedgerName
          # PartiQL actions on the tables of that ledger.
          - Effect: Allow
            Action:
              - qldb:PartiQLCreateTable
              - qldb:PartiQLCreateIndex
              - qldb:PartiQLInsert
              - qldb:PartiQLUpdate
              - qldb:PartiQLSelect
              - qldb:PartiQLHistoryFunction
            Resource:
              - Fn::Join:
                  - ''
                  - - 'arn:aws:qldb:'
                    - Ref: AWS::Region
                    - ":"
                    - Ref: AWS::AccountId
                    - ":ledger/"
                    - Ref: QLDBLedgerName
                    - "/table/*"
          # Read access to the ledger's table catalog.
          - Effect: Allow
            Action:
              - qldb:PartiQLSelect
            Resource:
              - Fn::Join:
                  - ''
                  - - 'arn:aws:qldb:'
                    - Ref: AWS::Region
                    - ":"
                    - Ref: AWS::AccountId
                    - ":ledger/"
                    - Ref: QLDBLedgerName
                    - "/information_schema/user_tables"
  GithubOidc:
    Type: AWS::IAM::OIDCProvider
    Condition: CreateOIDCProvider
    Properties:
      Url: https://token.actions.githubusercontent.com
      ClientIdList:
        - sts.amazonaws.com
      ThumbprintList:
        - 6938fd4d98bab03faadb97b34396831e3780aea1
Outputs:
  Role:
    Value: !GetAtt Role.Arn
```
3. [Create a GitHub secret](https://docs.github.com/en/actions/security-guides/encrypted-secrets#creating-encrypted-secrets-for-a-repository) named `IAM_ROLE_TO_ASSUME` and set the IAM Role ARN as the secret value.
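
The trust policy in step 2 lets any token whose `sub` claim matches `repo:aws-samples/amazon-qldb-kvs-nodejs:*` assume the role. The following added example (not part of the original README or the project's code) evaluates that condition against constructed `sub` claims in the formats GitHub documents, next to a hypothetical tightened variant that assumes the tests run only from a `main` branch.

```javascript
// Added example. IAM StringLike: '*' = any run of characters, '?' = exactly one; case-sensitive.
function stringLike(pattern, value) {
  const body = [...pattern]
    .map((c) => (c === '*' ? '.*' : c === '?' ? '.' : c.replace(/[.+^${}()|[\]\\]/g, '\\$&')))
    .join('');
  return new RegExp(`^${body}$`, 's').test(value);
}

// Evaluate a trust-policy Condition block against OIDC token claims.
// Handles only StringEquals and StringLike with single string values;
// operators are ANDed and a missing claim fails the condition.
function trustAllows(condition, claims) {
  const ops = { StringEquals: (p, v) => p === v, StringLike: stringLike };
  return Object.entries(condition).every(([op, keys]) => {
    if (!ops[op]) throw new Error(`unsupported operator: ${op}`);
    return Object.entries(keys).every(([key, pattern]) => {
      const claim = claims[key.split(':').pop()]; // "<issuer>:sub" -> "sub"
      return claim !== undefined && ops[op](pattern, claim);
    });
  });
}

const ISS = 'token.actions.githubusercontent.com';
const REPO = 'repo:aws-samples/amazon-qldb-kvs-nodejs';

// Condition from the template in step 2, with the parameter defaults substituted.
const pagePolicy = { StringLike: { [`${ISS}:sub`]: `${REPO}:*` } };

// Hypothetical tightened variant: one branch only, audience pinned to the ClientIdList value.
// The branch name "main" is an assumption.
const tightened = {
  StringEquals: { [`${ISS}:aud`]: 'sts.amazonaws.com' },
  StringLike: { [`${ISS}:sub`]: `${REPO}:ref:refs/heads/main` },
};

// Constructed sample claims, not captured tokens.
const samples = [
  `${REPO}:ref:refs/heads/main`,
  `${REPO}:ref:refs/heads/feature-x`,
  `${REPO}:pull_request`,
  `${REPO}-fork:ref:refs/heads/main`,
  'repo:other-org/amazon-qldb-kvs-nodejs:ref:refs/heads/main',
].map((sub) => ({ sub, aud: 'sts.amazonaws.com' }));

// One boolean per sample: may this token assume the role?
const audit = (condition) => samples.map((claims) => trustAllows(condition, claims));

console.table(samples.map((s, i) => ({ sub: s.sub, asDeployed: audit(pagePolicy)[i], tightened: audit(tightened)[i] })));
```

The `:` before the `*` is what keeps a repository whose name merely starts with `amazon-qldb-kvs-nodejs` from matching.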