I am new to QLDB and I am looking forward to using a centralized approach to replace a blockchain solution. It involves multiple stakeholders, and we want each stakeholder to onboard its multiple users to read the document states (account balance) associated with them, analogous to accounts/wallets in blockchain. After a little research in the service documentation page, one way was to look at IAM policies and assigning roles, but this doesn't solve the problem as the service user will have access to the complete ledger. Also, having AWS accounts for a large number of users doesn't seem feasible.
1 Answer
1
You can use IAM users to control access to the control APIs (such as using the verification APIs, or managing Kinesis streams). You cannot use IAM users to control PartiQL access, or restrict which documents appear in a Kinesis stream. This is a feature gap.
As of the time of writing, you would need to build a proxy layer around QLDB to restrict access to data based on your own notion of roles and permissions.
I will note that even if QLDB had the functionality you're talking about, it may still be desirable to have a proxy layer. As a thought experiment, consider a traditional RDBMS (e.g. MySQL) and think about whether you'd be comfortable having your "multiple stakeholders" connect directly to the primary database.

Marc
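
A minimal sketch of the proxy layer the answer describes, added here as an example and not part of the original answer or of any AWS library. The class names, the account and stakeholder IDs, and the in-memory ledger are all hypothetical; callers are assumed to be authenticated before they reach the proxy.

```python
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Same error for unknown and unauthorized accounts, so IDs cannot be probed."""


@dataclass
class InMemoryLedger:
    """Constructed stand-in for the ledger. A real backend would run one fixed,
    parameterized query per operation and never accept caller-supplied PartiQL."""
    balances: dict  # account_id -> balance

    def get_balance(self, account_id):
        return self.balances.get(account_id)


@dataclass
class LedgerProxy:
    ledger: InMemoryLedger
    owners: dict                                # account_id -> owning stakeholder
    grants: dict = field(default_factory=dict)  # (stakeholder, user) -> {account_id}
    audit: list = field(default_factory=list)   # (stakeholder, user, account_id, allowed)

    def onboard_user(self, stakeholder, user, account_ids):
        """A stakeholder may grant its users read access only to accounts it owns."""
        foreign = [a for a in account_ids if self.owners.get(a) != stakeholder]
        if foreign:
            raise AccessDenied("account not available")
        self.grants.setdefault((stakeholder, user), set()).update(account_ids)

    def read_balance(self, stakeholder, user, account_id):
        """stakeholder/user are assumed to come from an already verified session."""
        allowed = account_id in self.grants.get((stakeholder, user), set())
        self.audit.append((stakeholder, user, account_id, allowed))
        balance = self.ledger.get_balance(account_id) if allowed else None
        if balance is None:
            raise AccessDenied("account not available")
        return balance


def demo():
    # Constructed sample data: two stakeholders, three accounts.
    ledger = InMemoryLedger({"acct-1": 100, "acct-2": 250, "acct-3": 75})
    owners = {"acct-1": "bank-a", "acct-2": "bank-a", "acct-3": "bank-b"}
    proxy = LedgerProxy(ledger, owners)
    proxy.onboard_user("bank-a", "alice", ["acct-1"])
    return proxy
```

Only the proxy's own credentials reach the ledger; end users never hold IAM identities, and every decision, including denials, lands in the audit list.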