DynamoDB returns "following is not authorized to perform"

I have an endpoint that takes a POST request:

{ "pizza": 1, "address": "Bangladesh", "id": 2 }

It returns this error:

{ "errorMessage": "User: arn:aws:sts::676374644948:assumed-role/pizza-api-executor/pizza-api is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:676374644948:table/pizza-order" }

My DynamoDB IAM policy:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "dynamodb:Scan",
                "dynamodb:DeleteItem",
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "arn:aws:dynamodb:*:676374644948:table/*"
        }
    ]
}

I don't know how to fix this.

This walkthrough may help you make sure that you have set up the permissions correctly on the correct role used by the lambda. You must create an IAM role and assign that role as the role your lambda uses. Then you must make sure that role has the correct permissions.

From the AWS Lambda: Allows a Lambda function to access an Amazon DynamoDB table example:

To use this policy, replace the italicized placeholder text in the example policy with your own information. Then, follow the directions in create a policy or edit a policy.

To use this policy, attach the policy to a Lambda service role. A service role is a role that you create in your account to allow a service to perform actions on your behalf. That service role must include AWS Lambda as the principal in the trust policy. For details about how to use this policy, see How to Create an AWS IAM Policy to Grant AWS Lambda Access to an Amazon DynamoDB Table in the AWS Security Blog.

That last link will be the most useful, because it walks through the whole process and shows screenshots of every step.
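As an added example (not code from the question or the answer above): a small Python script that evaluates the policy document posted in the question against the exact action and resource ARN from the error message, using a deliberately simplified model of IAM evaluation. It shows that the policy text as written does allow dynamodb:PutItem on the pizza-order table, so the failure is not in the policy document itself but in what is actually attached to the role pizza-api-executor (or in which role the function is configured to use), which is the point the answer makes. The block also carries a least-privilege replacement scoped to the single table and the Lambda trust policy the answer refers to. The statement id PizzaOrderWrite, the scoped policy and the trust policy are assumptions written for this example; the account id and ARNs are copied from the question.

```python
import fnmatch

# The question's policy, reproduced as posted.
POSTED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "VisualEditor0", "Effect": "Allow",
         "Action": ["dynamodb:Scan", "dynamodb:DeleteItem", "dynamodb:GetItem",
                    "dynamodb:PutItem", "dynamodb:UpdateItem"],
         "Resource": "*"},
        {"Sid": "VisualEditor1", "Effect": "Allow",
         "Action": "dynamodb:*",
         "Resource": "arn:aws:dynamodb:*:676374644948:table/*"},
    ],
}

# Table ARN taken from the error message in the question.
TABLE_ARN = "arn:aws:dynamodb:us-east-2:676374644948:table/pizza-order"

# Constructed for this example: a least-privilege policy granting only what a
# handler that writes orders needs, scoped to the one table. The Sid is made up.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PizzaOrderWrite",
        "Effect": "Allow",
        "Action": ["dynamodb:PutItem", "dynamodb:GetItem", "dynamodb:UpdateItem"],
        "Resource": TABLE_ARN,
    }],
}

# Constructed for this example: the trust policy an execution role needs so the
# Lambda service can assume it (the "AWS Lambda as the principal" the answer mentions).
LAMBDA_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "lambda.amazonaws.com"},
        "Action": "sts:AssumeRole",
    }],
}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def _action_matches(patterns, action):
    # IAM action names are case-insensitive; '*' and '?' are the only wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(patterns))


def _resource_matches(patterns, resource):
    # ARNs are compared case-sensitively with the same wildcard rules.
    return any(fnmatch.fnmatchcase(resource, p) for p in _as_list(patterns))


def evaluate(policy, action, resource):
    """Simplified identity-policy evaluation: an explicit Deny wins, any matching
    Allow grants, otherwise the result is an implicit deny. Condition blocks,
    NotAction/NotResource, SCPs, permissions boundaries and resource-based
    policies are intentionally not modelled here."""
    decision = "implicitDeny"
    for stmt in policy["Statement"]:
        if not _action_matches(stmt.get("Action", []), action):
            continue
        if not _resource_matches(stmt.get("Resource", []), resource):
            continue
        if stmt["Effect"] == "Deny":
            return "explicitDeny"
        decision = "allow"
    return decision


def trusts_lambda(trust_policy):
    """True if an Allow statement lets lambda.amazonaws.com call sts:AssumeRole."""
    for stmt in trust_policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if "lambda.amazonaws.com" in services and _action_matches(stmt.get("Action", []), "sts:AssumeRole"):
            return True
    return False


if __name__ == "__main__":
    for name, policy in (("posted", POSTED_POLICY), ("scoped", SCOPED_POLICY)):
        print(f"{name} policy, dynamodb:PutItem on pizza-order ->",
              evaluate(policy, "dynamodb:PutItem", TABLE_ARN))
    print("trust policy admits lambda.amazonaws.com ->", trusts_lambda(LAMBDA_TRUST_POLICY))
```

Both policies evaluate to "allow" for the failing call, which is the useful negative result: the permission document is not the defect, so the next thing to check in the real account is the role. `aws iam list-attached-role-policies --role-name pizza-api-executor` and `aws iam list-role-policies --role-name pizza-api-executor` show what is actually attached, and `aws iam simulate-principal-policy --policy-source-arn arn:aws:iam::676374644948:role/pizza-api-executor --action-names dynamodb:PutItem --resource-arns arn:aws:dynamodb:us-east-2:676374644948:table/pizza-order` asks IAM itself for the decision, including the condition keys, permissions boundaries and SCPs this toy evaluator skips. Two caveats a reviewer would raise about the posted policy once it is attached: the first statement's `"Resource": "*"` grants Scan and DeleteItem on every table the role can reach, and the second statement's `dynamodb:*` includes table-level actions such as DeleteTable; the scoped policy in the block is the shape to prefer.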