Serverless invoke error: "is not authorized to perform: dynamodb:BatchWriteItem on resource: arn:aws:..."
I have these iamRoleStatements in my serverless.yml, which should allow my lambda function to perform these actions:
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
        - dynamodb:BatchWriteItem
        - dynamodb:BatchReadItem
      Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/${self:custom.tableName}"
This is my lambda yml:
functions:
  scraping:
    handler: handler.scraping
    memorySize: 1536
    layers:
      - !Sub 'arn:aws:lambda:${AWS::Region}:764866452798:layer:chrome-aws-lambda:22'
    timeout: 15
    events:
      - schedule:
          rate: ${self:custom.scheduleRate}
          name: schedule-scraping-${self:provider.stage}
          description: scraping each 5 minute
          enabled: ${self:custom.enabled}
In my handler function, I try to insert an item, but I get this error:
AccessDeniedException: User: arn:aws:sts::006977245882:assumed-role/BestSellers-qa-us-east-1-lambdaRole/BestSellers-qa-scraping is not authorized to perform: dynamodb:BatchWriteItem on resource: arn:aws:dynamodb:us-east-1:006977245882:table/TABLE_NAME
at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27)
at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20) ...
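Unless you edited/redacted the error message to show TABLE_NAME, my guess is that you are inadvertently trying to write to a table that probably doesn't exist (TABLE_NAME).
You haven't posted your handler code, but I would check your code at the point where your handler tries to insert the item with the DynamoDB API.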
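The check the answer suggests can be done mechanically by comparing the action and resource ARN named in the error with the Allow statement. The following is an added example, not code from the question or the answer; the function names are hypothetical and `example-table` is a constructed stand-in for the value of `${self:custom.tableName}`, which the question does not show.

```javascript
// Added example, not code from the question or the answer.
// Matches an AccessDeniedException message against one IAM Allow statement.

// Turn an IAM pattern (* and ? wildcards) into an anchored RegExp.
function iamPatternToRegExp(pattern, caseInsensitive) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&');
  const body = escaped.replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + body + '$', caseInsensitive ? 'i' : '');
}

// Extract the denied action and the resource ARN from the error text.
function parseAccessDenied(message) {
  const m = /is not authorized to perform: (\S+) on resource: (\S+)/.exec(message);
  return m ? { action: m[1], resource: m[2] } : null;
}

// Say which half of the statement (Action or Resource) fails to cover the call.
function diagnose(message, statement) {
  const denied = parseAccessDenied(message);
  if (!denied) return { parsed: false };
  const actions = [].concat(statement.Action);     // accept string or array
  const resources = [].concat(statement.Resource);
  return {
    parsed: true,
    action: denied.action,
    resource: denied.resource,
    // Action names match case-insensitively; ARNs are compared case-sensitively here.
    actionAllowed: actions.some(a => iamPatternToRegExp(a, true).test(denied.action)),
    resourceAllowed: resources.some(r => iamPatternToRegExp(r, false).test(denied.resource)),
  };
}

// Error text as posted in the question (first line only).
const SAMPLE_ERROR = 'AccessDeniedException: User: arn:aws:sts::006977245882:assumed-role/' +
  'BestSellers-qa-us-east-1-lambdaRole/BestSellers-qa-scraping is not authorized to perform: ' +
  'dynamodb:BatchWriteItem on resource: arn:aws:dynamodb:us-east-1:006977245882:table/TABLE_NAME';

// The statement after variable substitution. "example-table" is a constructed
// stand-in for ${self:custom.tableName}, whose real value the question does not show.
const SAMPLE_STATEMENT = {
  Effect: 'Allow',
  Action: ['dynamodb:PutItem', 'dynamodb:BatchWriteItem'],
  Resource: 'arn:aws:dynamodb:us-east-1:*:table/example-table',
};

console.log(diagnose(SAMPLE_ERROR, SAMPLE_STATEMENT));
```

With these inputs the action is covered but the resource is not, which means the table name the handler sends differs from the one the policy was rendered with.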