feat(client-dynamodb): This release introduces 3 new APIs ('GetResourcePolicy', 'PutResourcePolicy' and 'DeleteResourcePolicy') and modifies the existing 'CreateTable' API for the resource-based policy support. It also modifies several APIs to accept a 'TableArn' for the 'TableName' parameter.

Author: awstools

clients/client-dynamodb/README.md

@@ -283,6 +283,14 @@ DeleteItem
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dynamodb/command/DeleteItemCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/DeleteItemCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/DeleteItemCommandOutput/)
 
+</details>
+<details>
+<summary>
+DeleteResourcePolicy
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dynamodb/command/DeleteResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/DeleteResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/DeleteResourcePolicyCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -443,6 +451,14 @@ GetItem
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dynamodb/command/GetItemCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/GetItemCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/GetItemCommandOutput/)
 
+</details>
+<details>
+<summary>
+GetResourcePolicy
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dynamodb/command/GetResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/GetResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/GetResourcePolicyCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -515,6 +531,14 @@ PutItem
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dynamodb/command/PutItemCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/PutItemCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/PutItemCommandOutput/)
 
+</details>
+<details>
+<summary>
+PutResourcePolicy
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/dynamodb/command/PutResourcePolicyCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/PutResourcePolicyCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-dynamodb/Interface/PutResourcePolicyCommandOutput/)
+
 </details>
 <details>
 <summary>

clients/client-dynamodb/src/DynamoDB.ts

@@ -34,6 +34,11 @@ import {
   DeleteBackupCommandOutput,
 } from "./commands/DeleteBackupCommand";
 import { DeleteItemCommand, DeleteItemCommandInput, DeleteItemCommandOutput } from "./commands/DeleteItemCommand";
+import {
+  DeleteResourcePolicyCommand,
+  DeleteResourcePolicyCommandInput,
+  DeleteResourcePolicyCommandOutput,
+} from "./commands/DeleteResourcePolicyCommand";
 import { DeleteTableCommand, DeleteTableCommandInput, DeleteTableCommandOutput } from "./commands/DeleteTableCommand";
 import {
   DescribeBackupCommand,
@@ -126,6 +131,11 @@ import {
   ExportTableToPointInTimeCommandOutput,
 } from "./commands/ExportTableToPointInTimeCommand";
 import { GetItemCommand, GetItemCommandInput, GetItemCommandOutput } from "./commands/GetItemCommand";
+import {
+  GetResourcePolicyCommand,
+  GetResourcePolicyCommandInput,
+  GetResourcePolicyCommandOutput,
+} from "./commands/GetResourcePolicyCommand";
 import { ImportTableCommand, ImportTableCommandInput, ImportTableCommandOutput } from "./commands/ImportTableCommand";
 import { ListBackupsCommand, ListBackupsCommandInput, ListBackupsCommandOutput } from "./commands/ListBackupsCommand";
 import {
@@ -147,6 +157,11 @@ import {
   ListTagsOfResourceCommandOutput,
 } from "./commands/ListTagsOfResourceCommand";
 import { PutItemCommand, PutItemCommandInput, PutItemCommandOutput } from "./commands/PutItemCommand";
+import {
+  PutResourcePolicyCommand,
+  PutResourcePolicyCommandInput,
+  PutResourcePolicyCommandOutput,
+} from "./commands/PutResourcePolicyCommand";
 import { QueryCommand, QueryCommandInput, QueryCommandOutput } from "./commands/QueryCommand";
 import {
   RestoreTableFromBackupCommand,
@@ -223,6 +238,7 @@ const commands = {
   CreateTableCommand,
   DeleteBackupCommand,
   DeleteItemCommand,
+  DeleteResourcePolicyCommand,
   DeleteTableCommand,
   DescribeBackupCommand,
   DescribeContinuousBackupsCommand,
@@ -243,6 +259,7 @@ const commands = {
   ExecuteTransactionCommand,
   ExportTableToPointInTimeCommand,
   GetItemCommand,
+  GetResourcePolicyCommand,
   ImportTableCommand,
   ListBackupsCommand,
   ListContributorInsightsCommand,
@@ -252,6 +269,7 @@ const commands = {
   ListTablesCommand,
   ListTagsOfResourceCommand,
   PutItemCommand,
+  PutResourcePolicyCommand,
   QueryCommand,
   RestoreTableFromBackupCommand,
   RestoreTableToPointInTimeCommand,
@@ -375,6 +393,23 @@ export interface DynamoDB {
     cb: (err: any, data?: DeleteItemCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link DeleteResourcePolicyCommand}
+   */
+  deleteResourcePolicy(
+    args: DeleteResourcePolicyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<DeleteResourcePolicyCommandOutput>;
+  deleteResourcePolicy(
+    args: DeleteResourcePolicyCommandInput,
+    cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void
+  ): void;
+  deleteResourcePolicy(
+    args: DeleteResourcePolicyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: DeleteResourcePolicyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link DeleteTableCommand}
    */
@@ -687,6 +722,23 @@ export interface DynamoDB {
     cb: (err: any, data?: GetItemCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link GetResourcePolicyCommand}
+   */
+  getResourcePolicy(
+    args: GetResourcePolicyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<GetResourcePolicyCommandOutput>;
+  getResourcePolicy(
+    args: GetResourcePolicyCommandInput,
+    cb: (err: any, data?: GetResourcePolicyCommandOutput) => void
+  ): void;
+  getResourcePolicy(
+    args: GetResourcePolicyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: GetResourcePolicyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link ImportTableCommand}
    */
@@ -810,6 +862,23 @@ export interface DynamoDB {
     cb: (err: any, data?: PutItemCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link PutResourcePolicyCommand}
+   */
+  putResourcePolicy(
+    args: PutResourcePolicyCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<PutResourcePolicyCommandOutput>;
+  putResourcePolicy(
+    args: PutResourcePolicyCommandInput,
+    cb: (err: any, data?: PutResourcePolicyCommandOutput) => void
+  ): void;
+  putResourcePolicy(
+    args: PutResourcePolicyCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: PutResourcePolicyCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link QueryCommand}
    */

clients/client-dynamodb/src/DynamoDBClient.ts

@@ -69,6 +69,10 @@ import { CreateGlobalTableCommandInput, CreateGlobalTableCommandOutput } from ".
 import { CreateTableCommandInput, CreateTableCommandOutput } from "./commands/CreateTableCommand";
 import { DeleteBackupCommandInput, DeleteBackupCommandOutput } from "./commands/DeleteBackupCommand";
 import { DeleteItemCommandInput, DeleteItemCommandOutput } from "./commands/DeleteItemCommand";
+import {
+  DeleteResourcePolicyCommandInput,
+  DeleteResourcePolicyCommandOutput,
+} from "./commands/DeleteResourcePolicyCommand";
 import { DeleteTableCommandInput, DeleteTableCommandOutput } from "./commands/DeleteTableCommand";
 import { DescribeBackupCommandInput, DescribeBackupCommandOutput } from "./commands/DescribeBackupCommand";
 import {
@@ -120,6 +124,7 @@ import {
   ExportTableToPointInTimeCommandOutput,
 } from "./commands/ExportTableToPointInTimeCommand";
 import { GetItemCommandInput, GetItemCommandOutput } from "./commands/GetItemCommand";
+import { GetResourcePolicyCommandInput, GetResourcePolicyCommandOutput } from "./commands/GetResourcePolicyCommand";
 import { ImportTableCommandInput, ImportTableCommandOutput } from "./commands/ImportTableCommand";
 import { ListBackupsCommandInput, ListBackupsCommandOutput } from "./commands/ListBackupsCommand";
 import {
@@ -132,6 +137,7 @@ import { ListImportsCommandInput, ListImportsCommandOutput } from "./commands/Li
 import { ListTablesCommandInput, ListTablesCommandOutput } from "./commands/ListTablesCommand";
 import { ListTagsOfResourceCommandInput, ListTagsOfResourceCommandOutput } from "./commands/ListTagsOfResourceCommand";
 import { PutItemCommandInput, PutItemCommandOutput } from "./commands/PutItemCommand";
+import { PutResourcePolicyCommandInput, PutResourcePolicyCommandOutput } from "./commands/PutResourcePolicyCommand";
 import { QueryCommandInput, QueryCommandOutput } from "./commands/QueryCommand";
 import {
   RestoreTableFromBackupCommandInput,
@@ -193,6 +199,7 @@ export type ServiceInputTypes =
   | CreateTableCommandInput
   | DeleteBackupCommandInput
   | DeleteItemCommandInput
+  | DeleteResourcePolicyCommandInput
   | DeleteTableCommandInput
   | DescribeBackupCommandInput
   | DescribeContinuousBackupsCommandInput
@@ -213,6 +220,7 @@ export type ServiceInputTypes =
   | ExecuteTransactionCommandInput
   | ExportTableToPointInTimeCommandInput
   | GetItemCommandInput
+  | GetResourcePolicyCommandInput
   | ImportTableCommandInput
   | ListBackupsCommandInput
   | ListContributorInsightsCommandInput
@@ -222,6 +230,7 @@ export type ServiceInputTypes =
   | ListTablesCommandInput
   | ListTagsOfResourceCommandInput
   | PutItemCommandInput
+  | PutResourcePolicyCommandInput
   | QueryCommandInput
   | RestoreTableFromBackupCommandInput
   | RestoreTableToPointInTimeCommandInput
@@ -252,6 +261,7 @@ export type ServiceOutputTypes =
   | CreateTableCommandOutput
   | DeleteBackupCommandOutput
   | DeleteItemCommandOutput
+  | DeleteResourcePolicyCommandOutput
   | DeleteTableCommandOutput
   | DescribeBackupCommandOutput
   | DescribeContinuousBackupsCommandOutput
@@ -272,6 +282,7 @@ export type ServiceOutputTypes =
   | ExecuteTransactionCommandOutput
   | ExportTableToPointInTimeCommandOutput
   | GetItemCommandOutput
+  | GetResourcePolicyCommandOutput
   | ImportTableCommandOutput
   | ListBackupsCommandOutput
   | ListContributorInsightsCommandOutput
@@ -281,6 +292,7 @@ export type ServiceOutputTypes =
   | ListTablesCommandOutput
   | ListTagsOfResourceCommandOutput
   | PutItemCommandOutput
+  | PutResourcePolicyCommandOutput
   | QueryCommandOutput
   | RestoreTableFromBackupCommandOutput
   | RestoreTableToPointInTimeCommandOutput

clients/client-dynamodb/src/commands/CreateTableCommand.ts

@@ -120,6 +120,7 @@ export interface CreateTableCommandOutput extends CreateTableOutput, __MetadataB
  *   ],
  *   TableClass: "STANDARD" || "STANDARD_INFREQUENT_ACCESS",
  *   DeletionProtectionEnabled: true || false,
+ *   ResourcePolicy: "STRING_VALUE",
  * };
  * const command = new CreateTableCommand(input);
  * const response = await client.send(command);

clients/client-dynamodb/src/commands/DeleteResourcePolicyCommand.ts

@@ -0,0 +1,126 @@
+// smithy-typescript generated code
+import { getEndpointPlugin } from "@smithy/middleware-endpoint";
+import { getSerdePlugin } from "@smithy/middleware-serde";
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+
+import { DynamoDBClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../DynamoDBClient";
+import { commonParams } from "../endpoint/EndpointParameters";
+import { DeleteResourcePolicyInput, DeleteResourcePolicyOutput } from "../models/models_0";
+import { de_DeleteResourcePolicyCommand, se_DeleteResourcePolicyCommand } from "../protocols/Aws_json1_0";
+
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link DeleteResourcePolicyCommand}.
+ */
+export interface DeleteResourcePolicyCommandInput extends DeleteResourcePolicyInput {}
+/**
+ * @public
+ *
+ * The output of {@link DeleteResourcePolicyCommand}.
+ */
+export interface DeleteResourcePolicyCommandOutput extends DeleteResourcePolicyOutput, __MetadataBearer {}
+
+/**
+ * <p>Deletes the resource-based policy attached to the resource, which can be a table or stream.</p>
+ *          <p>
+ *             <code>DeleteResourcePolicy</code> is an idempotent operation; running it multiple times on the same resource <i>doesn't</i> result in an error response, unless you specify an <code>ExpectedRevisionId</code>, which will then return a <code>PolicyNotFoundException</code>.</p>
+ *          <important>
+ *             <p>To make sure that you don't inadvertently lock yourself out of your own resources, the root principal in your Amazon Web Services account can perform <code>DeleteResourcePolicy</code> requests, even if your resource-based policy explicitly denies the root principal's access.
+ *             </p>
+ *          </important>
+ *          <note>
+ *             <p>
+ *                <code>DeleteResourcePolicy</code> is an asynchronous operation. If you issue a <code>GetResourcePolicy</code> request immediately after running the <code>DeleteResourcePolicy</code> request, DynamoDB might still return the deleted policy. This is because the policy for your resource might not have been deleted yet. Wait for a few seconds, and then try the <code>GetResourcePolicy</code> request again.</p>
+ *          </note>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { DynamoDBClient, DeleteResourcePolicyCommand } from "@aws-sdk/client-dynamodb"; // ES Modules import
+ * // const { DynamoDBClient, DeleteResourcePolicyCommand } = require("@aws-sdk/client-dynamodb"); // CommonJS import
+ * const client = new DynamoDBClient(config);
+ * const input = { // DeleteResourcePolicyInput
+ *   ResourceArn: "STRING_VALUE", // required
+ *   ExpectedRevisionId: "STRING_VALUE",
+ * };
+ * const command = new DeleteResourcePolicyCommand(input);
+ * const response = await client.send(command);
+ * // { // DeleteResourcePolicyOutput
+ * //   RevisionId: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param DeleteResourcePolicyCommandInput - {@link DeleteResourcePolicyCommandInput}
+ * @returns {@link DeleteResourcePolicyCommandOutput}
+ * @see {@link DeleteResourcePolicyCommandInput} for command's `input` shape.
+ * @see {@link DeleteResourcePolicyCommandOutput} for command's `response` shape.
+ * @see {@link DynamoDBClientResolvedConfig | config} for DynamoDBClient's `config` shape.
+ *
+ * @throws {@link InternalServerError} (server fault)
+ *  <p>An error occurred on the server side.</p>
+ *
+ * @throws {@link InvalidEndpointException} (client fault)
+ *
+ * @throws {@link LimitExceededException} (client fault)
+ *  <p>There is no limit to the number of daily on-demand backups that can be taken. </p>
+ *          <p>For most purposes, up to 500 simultaneous table operations are allowed per account. These operations
+ *             include <code>CreateTable</code>, <code>UpdateTable</code>,
+ *                 <code>DeleteTable</code>,<code>UpdateTimeToLive</code>,
+ *                 <code>RestoreTableFromBackup</code>, and <code>RestoreTableToPointInTime</code>. </p>
+ *          <p>When you are creating a table with one or more secondary
+ *             indexes, you can have up to 250 such requests running at a time. However, if the table or
+ *             index specifications are complex, then DynamoDB might temporarily reduce the number
+ *             of concurrent operations.</p>
+ *          <p>When importing into DynamoDB, up to 50 simultaneous import table operations are allowed per account.</p>
+ *          <p>There is a soft account quota of 2,500 tables.</p>
+ *          <p>GetRecords was called with a value of more than 1000 for the limit request parameter.</p>
+ *          <p>More than 2 processes are reading from the same streams shard at the same time. Exceeding
+ *             this limit may result in request throttling.</p>
+ *
+ * @throws {@link PolicyNotFoundException} (client fault)
+ *  <p>The operation tried to access a nonexistent resource-based policy.</p>
+ *          <p>If you specified an <code>ExpectedRevisionId</code>, it's possible that a policy is present for the resource but its revision ID didn't match the expected value.</p>
+ *
+ * @throws {@link ResourceInUseException} (client fault)
+ *  <p>The operation conflicts with the resource's availability. For example, you
+ *             attempted to recreate an existing table, or tried to delete a table currently in the
+ *                 <code>CREATING</code> state.</p>
+ *
+ * @throws {@link ResourceNotFoundException} (client fault)
+ *  <p>The operation tried to access a nonexistent table or index. The resource might not
+ *             be specified correctly, or its status might not be <code>ACTIVE</code>.</p>
+ *
+ * @throws {@link DynamoDBServiceException}
+ * <p>Base exception class for all service exceptions from DynamoDB service.</p>
+ *
+ * @public
+ */
+export class DeleteResourcePolicyCommand extends $Command
+  .classBuilder<
+    DeleteResourcePolicyCommandInput,
+    DeleteResourcePolicyCommandOutput,
+    DynamoDBClientResolvedConfig,
+    ServiceInputTypes,
+    ServiceOutputTypes
+  >()
+  .ep({
+    ...commonParams,
+  })
+  .m(function (this: any, Command: any, cs: any, config: DynamoDBClientResolvedConfig, o: any) {
+    return [
+      getSerdePlugin(config, this.serialize, this.deserialize),
+      getEndpointPlugin(config, Command.getEndpointParameterInstructions()),
+    ];
+  })
+  .s("DynamoDB_20120810", "DeleteResourcePolicy", {})
+  .n("DynamoDBClient", "DeleteResourcePolicyCommand")
+  .f(void 0, void 0)
+  .ser(se_DeleteResourcePolicyCommand)
+  .de(de_DeleteResourcePolicyCommand)
+  .build() {}