service_sdk_mappings possibly mapping "dynamodb": [..., "DynamoDB"] ?

[wittekm]

Hi there!

Perhaps I'm misunderstanding the usecase for service_sdk_mappings, but I think it's missing some entries.

For example, I would like to find all possible IAM Actions associated with a Cloudtrail action.
I don't know how to map a Cloudtrail action with
{ eventSource "dynamodb.amazonaws.com", eventName "BatchExecuteStatement"} (for example) (this may be a bad example since it's a data-level event)
to DynamoDB.BatchExecuteStatement due to capitalization.

Am I mis-using service_sdk_mappings or should it, in fact, have this in there?

---

as a workaround, for now I am trying an educated-guess by basically normalizing each entry in sdk_method_iam_mappings from "DynamoDB.BatchExecuteStatment" to "dynamodb.batchexecutestatement" and trying a best-guess "${eventSource without the amazonaws suffix}.${eventName}".lowercase() in addition to the mappings.

[iann0036]

Hi @wittekm,

This mapping is for the API methods (specifically, in the form the AWS JS SDK expects) to AWS IAM actions. It doesn't yet have any mapping towards CloudTrail.

You can map the AWS JS SDK methods to the raw API methods using the service JSONs included, but I don't believe there's any guarantee that the raw API methods and the CloudTrail events will line up.

You can also use the service name correlations at the bottom of the map to help you perform the appropriate service-to-service mappings.