Skip to content

Add default aws API filter based on common standards #732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 31, 2025
Merged

Add default aws API filter based on common standards #732

merged 2 commits into from
May 31, 2025

Conversation

shwdean
Copy link
Collaborator

@shwdean shwdean commented May 31, 2025

Issue #, if available:

Description of changes:

Classify AWS APIs into read and write based on AWS API naming standards (convention over configuration). This can be permanent or a stop-gap until traits are added to AWS API models.

By default adding AWS bundles will only include read APIs. Write APIs can be included by passing the --include-write-apis option, or by individually allow-listing the operation. Explicitly specified operations will always override convention-based filters.

For reference, here are the results when adding dynamo-db

Allowed [DescribeContinuousBackups, DescribeBackup, ListGlobalTables, ListImports, DescribeContributorInsights, ListBackups, DescribeTimeToLive, ListContributorInsights, DescribeTable, BatchGetItem, DescribeExport, GetItem, DescribeLimits, DescribeGlobalTable, ListTables, GetResourcePolicy, DescribeEndpoints, ListExports, DescribeImport, DescribeTableReplicaAutoScaling, DescribeGlobalTableSettings, DescribeKinesisStreamingDestination, ListTagsOfResource]

Blocked [UpdateContributorInsights, DeleteItem, Query, DeleteBackup, TagResource, TransactGetItems, CreateTable, PutResourcePolicy, EnableKinesisStreamingDestination, UpdateGlobalTable, UpdateKinesisStreamingDestination, ExecuteStatement, TransactWriteItems, UpdateContinuousBackups, BatchExecuteStatement, UpdateGlobalTableSettings, UpdateTimeToLive, ImportTable, RestoreTableToPointInTime, DisableKinesisStreamingDestination, DeleteResourcePolicy, ExportTableToPointInTime, BatchWriteItem, DeleteTable, RestoreTableFromBackup, UpdateTableReplicaAutoScaling, UpdateTable, UpdateItem, UntagResource, CreateGlobalTable, Scan, ExecuteTransaction, PutItem, CreateBackup]

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

adwsingh
adwsingh requested changes May 31, 2025
View reviewed changes
@adwsingh adwsingh force-pushed the default-aws-api-filter branch from 552a0b0 to e240514 Compare May 31, 2025 22:36
@adwsingh adwsingh force-pushed the default-aws-api-filter branch from e240514 to 1a98494 Compare May 31, 2025 22:45
@adwsingh adwsingh enabled auto-merge (rebase) May 31, 2025 22:48
@adwsingh adwsingh merged commit 4d576c1 into main May 31, 2025
2 checks passed
@adwsingh adwsingh deleted the default-aws-api-filter branch May 31, 2025 22:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adwsingh adwsingh adwsingh approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@shwdean @adwsingh