
In AWS, I'm trying to set up CloudTrail logging on DynamoDB, to see what calls are being made and what effect that has on the DB records. I see the DB calls logged in CloudTrail, but the "responseElement" field is always "null".

According to the CloudTrail documentation, responseElement should be filled in "for actions that make changes (create, update, or delete actions)". But in the CloudTrail logs for PutItem or UpdateItem events, the responseElement is "null", even though the Dynamo records are created or updated.

I suspect there's a configuration option somewhere that I set incorrectly.

Does anyone know why I'm seeing "null" and how I can change CloudTrail to log the DynamoDB records that are being added or updated?

Amos Long

1 Answer


The default response to a PutItem request to DynamoDB is empty.

If you want content in the response, you need to indicate some combination of the following in the PutItem request:

  • ReturnValues
  • ReturnConsumedCapacity
  • ReturnItemCollectionMetrics

All of these default to NONE, in which case nothing is returned in the response.

jarmod
  • jarmod, that was super helpful. Thank you for including the link to the documentation! Now, I see that even though NONE, ALL_OLD, UPDATED_OLD, ALL_NEW, UPDATED_NEW are all "Valid Values" for the ReturnValues parameter, PutItem only recognizes NONE and ALL_OLD. – Amos Long May 02 '23 at 01:52
  • @AmosLong which SDK are you using to make the PutItem request? Python (boto3), JavaScript SDK v3? And for the test case you have an issue with, did an item with the same key previously exist, or not? – jarmod May 02 '23 at 13:27
  • I'm using boto3 (for Python). There were two cases I was looking at: PutItem for new items, and UpdateItem for existing items. – Amos Long May 04 '23 at 16:52
  • So, are you saying that you invoked put_item with ReturnValues=UPDATED_NEW to update an existing item with new attribute values but the response did not include the new attribute values? – jarmod May 04 '23 at 17:44
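A local model of the ReturnValues behaviour discussed in the answer and comments above, added here as an example (it is not code from the thread and makes no AWS or boto3 calls). `TableModel`, the `pk` key attribute and the sample items are assumptions, and updates are simplified to plain attribute assignments.

```python
# Local model of DynamoDB's documented ReturnValues semantics (not AWS code;
# no network calls). Items are plain dicts; "pk" is an assumed key attribute.

PUT_MODES = {"NONE", "ALL_OLD"}
UPDATE_MODES = {"NONE", "ALL_OLD", "UPDATED_OLD", "ALL_NEW", "UPDATED_NEW"}


class ValidationException(Exception):
    """Stands in for the service's ValidationException error."""


class TableModel:
    def __init__(self):
        self.items = {}  # pk value -> item dict

    def put_item(self, item, return_values="NONE"):
        if return_values not in PUT_MODES:
            raise ValidationException(f"PutItem does not support {return_values}")
        old = self.items.get(item["pk"])
        self.items[item["pk"]] = dict(item)
        # Attributes appear only when asked for AND an item was overwritten.
        if return_values == "ALL_OLD" and old is not None:
            return {"Attributes": old}
        return {}

    def update_item(self, pk, changes, return_values="NONE"):
        if return_values not in UPDATE_MODES:
            raise ValidationException(f"UpdateItem does not support {return_values}")
        old = self.items.get(pk, {})  # a missing item is created by the update
        new = {**old, "pk": pk, **changes}
        self.items[pk] = new
        picked = {
            "NONE": None,
            "ALL_OLD": old,
            "UPDATED_OLD": {k: old[k] for k in changes if k in old},
            "ALL_NEW": new,
            "UPDATED_NEW": {k: new[k] for k in changes},
        }[return_values]
        return {"Attributes": picked} if picked else {}


if __name__ == "__main__":
    t = TableModel()
    print(t.put_item({"pk": "u1", "role": "viewer"}))            # default NONE
    print(t.put_item({"pk": "u1", "role": "admin"}, "ALL_OLD"))  # overwritten item
    print(t.update_item("u1", {"role": "auditor"}, "UPDATED_NEW"))
```

In the model, a write returns an empty body both when ReturnValues is left at NONE and when ALL_OLD is requested for a key that did not previously exist.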