Tags: multi-tenant, aws-appsync, amazon-timestream

Multi-Tenancy with AWS Timestream and Appsync


We plan a multi tenant application using the AWS Timestream database. Unfortunately the database does not support any resource-based policy. To get the isolation we need to somehow proxy the query through a Lambda Function where we can control the query (see below). We put that behind an Appsync API. Ultimately we want to run queries from a user-frontend by a user who is associated with a certain tenant.

User -> Webapp -> Appsync -> Lambda -> Timestream

The query will need to have a certain condition like:

SELECT * FROM <database>.<table> WHERE tenantId = <tenantId>

Ideally we could model the query on the Webapp and send it to the backend. But since we need to protect against SQL injection attacks, I wonder if there is any possibility (like a global SQL scope, proper validation, etc.) to make calls to the database in a secure (isolated) manner?

Otherwise we would have to model each query on the backend, or specify some parameters of the query as input to a fixed query on the backend, which is doable but not as flexible as I would like.
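The "fixed query on the backend" variant of the Lambda proxy described above, as an added example that is not the poster's code: the client sends only structured arguments, every SQL fragment comes from a server-side allowlist, and the tenant is taken from the verified JWT claims AppSync forwards (a `custom:tenantId` Cognito claim and the `"iot"` database/table names are assumptions).

```python
import re

# Constructed allowlist: logical names the client may use -> fully qualified Timestream tables.
# Database and table names are assumptions, not from the original post.
ALLOWED_TABLES = {
    "sensors": '"iot"."sensors"',
    "events": '"iot"."events"',
}
ALLOWED_COLUMNS = {"time", "measure_name", "measure_value::double", "device"}
# Tenant ids are opaque tokens; anything outside this charset is rejected, never quoted in.
TENANT_ID_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def tenant_from_identity(identity):
    """Read the tenant from the claims AppSync verified, never from client-supplied arguments."""
    tenant_id = (identity or {}).get("claims", {}).get("custom:tenantId")
    if not tenant_id or not TENANT_ID_RE.match(tenant_id):
        raise ValueError("missing or malformed tenant id in identity claims")
    return tenant_id


def build_query(tenant_id, args):
    """Assemble the Timestream SQL from allowlisted fragments; no raw client string reaches it."""
    if not TENANT_ID_RE.match(tenant_id):
        raise ValueError("malformed tenant id")
    table = ALLOWED_TABLES.get(args.get("table"))
    if table is None:
        raise ValueError("unknown table")
    columns = list(args.get("columns") or sorted(ALLOWED_COLUMNS))
    if not set(columns) <= ALLOWED_COLUMNS:
        raise ValueError("unknown column")
    hours = int(args.get("hours", 24))   # int() rejects anything that is not a plain integer
    limit = int(args.get("limit", 100))
    if not (1 <= hours <= 720 and 1 <= limit <= 1000):
        raise ValueError("hours/limit out of range")
    column_list = ", ".join(f'"{c}"' for c in columns)
    # The tenant predicate is always present and always comes from the identity, so a
    # caller cannot widen the scope by omitting or rewriting it.
    return (
        f"SELECT {column_list} FROM {table} "
        f"WHERE tenantId = '{tenant_id}' AND time > ago({hours}h) "
        f"ORDER BY time DESC LIMIT {limit}"
    )


def handler(event, context):
    """AppSync Lambda resolver entry point: scope the query to the caller's tenant and run it."""
    import boto3  # imported here so the pure functions above are testable without AWS libraries
    query = build_query(tenant_from_identity(event.get("identity")), event.get("arguments") or {})
    client = boto3.client("timestream-query")
    return client.query(QueryString=query)["Rows"]
```

The Lambda's execution role still needs `timestream:Select` on the tables, but because the query text is built here, the client never controls the predicate.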


Solution

  • @pfried What about each tenant having their own Timestream table? Then different tenants can be assigned different IAM execution roles to ensure that they can only access their own table. Once you have this layer of protection, you can model your query on the client webapp without worrying about cross-tenant data access.

    Notes:

    1. The maximum number of tables for Timestream is 50,000 per AWS account.
    2. Each tenant can have their own database, while the maximum number of databases for Timestream is 500 per AWS account.

    See service quotas at: https://docs.aws.amazon.com/general/latest/gr/timestream.html