Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
3.6.0
-
None
-
Unknown
Description
On aws2-ddb endpoint start it constantly checking table status by doing DescribeTable request.
@Override public void doStart() throws Exception { super.doStart(); ddbClient = configuration.getAmazonDDBClient() != null ? configuration.getAmazonDDBClient() : createDdbClient(); String tableName = getConfiguration().getTableName(); LOG.trace("Querying whether table [{}] already exists...", tableName); try { DescribeTableRequest.Builder request = DescribeTableRequest.builder().tableName(tableName); TableDescription tableDescription = ddbClient.describeTable(request.build()).table(); if (!isTableActive(tableDescription)) { waitForTableToBecomeAvailable(tableName); } LOG.trace("Table [{}] already exists", tableName); return; } catch (ResourceNotFoundException e) { LOG.trace("Table [{}] doesn't exist yet", tableName); LOG.trace("Creating table [{}]...", tableName); TableDescription tableDescription = createTable(tableName); if (!isTableActive(tableDescription)) { waitForTableToBecomeAvailable(tableName); } LOG.trace("Table [{}] created", tableName); } }
Key issues with such approach:
- it requires to grant DescribeTable operation for client which provides sensitive information like KMS master key ARN/ID, billing information etc. (https://docs.aws.amazon.com/amazondynamodb/latest/APIReference/API_DescribeTable.html)
- after start and checking table status for being ACTIVE there is no guarantee that it's actually true on doing any other DDB operation with started component.
Potential Solution:
- introduce createTable configuration parameter and use DescribeTable only if createTable==true (default false)