1

Let's say I have a "Banner" table.
There are 2 possible use cases for this table.

1. Get all banner data from the table

My lambda function might look like below:

```javascript
'use strict';
const AWS = require('aws-sdk');

exports.handler = async function (event, context, callback) {
    const documentClient = new AWS.DynamoDB.DocumentClient();

    let responseBody = "";
    let statusCode = 0;

    // No key condition: scan reads the whole "Banner" table.
    const params = {
        TableName: "Banner",
    };

    try {
        const data = await documentClient.scan(params).promise();
        responseBody = JSON.stringify(data.Items);
        statusCode = 200;
    } catch (err) {
        // Keep the body valid JSON so it matches the Content-Type header.
        responseBody = JSON.stringify({ message: `Unable to get products: ${err}` });
        statusCode = 500; // a failed scan is a server-side error, not an authorization failure
    }

    const response = {
        statusCode: statusCode,
        headers: {
            "Content-Type": "application/json",
            'Access-Control-Allow-Origin': '*', // Required for CORS support to work
        },
        body: responseBody
    };

    return response;
};
```

2. Query by user partition key/GSI

I may need to query based on banner id or banner title to get the corresponding table.

At first, I was thinking of combining these two use cases in one single lambda function, until I opened the post below.
 

aws - how to set lambda function to make dynamic query to dynamodb

One of the comments provides a way for me to do the dynamic query for these 2 use cases, but he/she also mentions that:

you are giving anyone invoke the request the ability to put any query in the request, that might put you vulnerable to some type of SQL Injection attacks.

This makes me wonder whether I should separate these 2 use cases into two lambda functions.
What is the general practice for these kinds of things?

2 Answers

0

Generally speaking, even if the "SQL injection" can be blocked, it's good to separate this into 2 functions; a Lambda handler should have a single responsibility. If you want to reuse the code, you can create a common DAL that holds the common code.

0

I think this comes down to personal preference, but I'd recommend splitting the functionality into two lambdas.

It sounds like you have two access patterns:

  1. Get all banners
  2. Get banners by user

I would probably implement these with two separate lambdas. If I were exposing this functionality via an API, I'd probably create two endpoints:

  1. GET /banners. (fetches all banners)
  2. GET /users/[user_id]/banners. (fetches all banners for a given user)

Each of these endpoints would route to their own lambda that services the specific request. If you serve the request with a single lambda, you'll have to introduce logic within your lambdas to determine which type of request you're fulfilling. I can't imagine what you'd gain by using only one lambda.

Keep your lambda code focused on a single responsibility, it'll make it easier to develop, test, and debug.
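
One way to serve the query-by-id/title case from the question without letting the caller supply query text, as an added example (not code from the question or from either answer). The key name `id`, the GSI name `title-index`, the 128-character limit and the function names are assumptions.

```javascript
'use strict';

// Assumed schema (not from the original post): partition key "id" and a GSI
// named "title-index" on "title". Each entry is a fixed, server-defined query.
const ACCESS_PATTERNS = {
    id:    { KeyConditionExpression: '#k = :v', attr: 'id' },
    title: { KeyConditionExpression: '#k = :v', attr: 'title', IndexName: 'title-index' },
};
const MAX_VALUE_LENGTH = 128; // assumed limit

// Build DocumentClient.query() params from API Gateway query string parameters.
// The caller picks one known pattern and supplies a value; it never supplies
// expression text, table names, or index names.
function buildBannerQuery(queryStringParameters) {
    const qs = queryStringParameters || {};
    const keys = Object.keys(qs);
    // hasOwnProperty keeps inherited names such as "constructor" out of the lookup.
    if (keys.length !== 1 || !Object.prototype.hasOwnProperty.call(ACCESS_PATTERNS, keys[0])) {
        throw new RangeError('exactly one of "id" or "title" is required');
    }
    const value = qs[keys[0]];
    if (typeof value !== 'string' || value.length === 0 || value.length > MAX_VALUE_LENGTH) {
        throw new RangeError('invalid value');
    }
    const pattern = ACCESS_PATTERNS[keys[0]];
    const params = {
        TableName: 'Banner',
        KeyConditionExpression: pattern.KeyConditionExpression,
        ExpressionAttributeNames: { '#k': pattern.attr },
        ExpressionAttributeValues: { ':v': value }, // bound as data, not parsed as an expression
    };
    if (pattern.IndexName) params.IndexName = pattern.IndexName;
    return params;
}

// Handler body with the DocumentClient passed in so it can be exercised offline.
async function queryBanners(event, documentClient) {
    let params;
    try {
        params = buildBannerQuery(event.queryStringParameters);
    } catch (err) {
        return { statusCode: 400, body: JSON.stringify({ message: err.message }) };
    }
    const data = await documentClient.query(params).promise();
    return { statusCode: 200, body: JSON.stringify(data.Items) };
}
```

In a deployed function, `exports.handler` would call `queryBanners(event, new AWS.DynamoDB.DocumentClient())`.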
