
aws-lambda - Unable to query a DynamoDB table from a Lambda function

Reposted. Author: 行者123. Updated: 2023-12-03 07:36:01

I receive an error when executing the Lambda function:

"AccessDeniedException: User: arn:aws:sts::342213474092:assumed-role/testServerlessStack-ExecRole-YZCIWMHK86D8/testServerlessStack-GetFailureKeysByOrder-OR3YS1NLQY0M is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-2:342213474092:table/Bar"

The function's execution role has the following permissions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "dynamodb:Query",
                "dynamodb:Scan"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-east-2:342213474092:table/Foo/*",
                "arn:aws:dynamodb:us-east-2:342213474092:table/Bar/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

The Lambda queries Foo and then scans Bar.

Best answer

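According to the documentation, the resource should have the following format:

Query table: arn:aws:dynamodb:region:account-id:table/table-name

or: arn:aws:dynamodb:region:account-id:table/*

The same goes for Scan:

Scan table: arn:aws:dynamodb:region:account-id:table/table-name

or: arn:aws:dynamodb:region:account-id:table/*

Have you tried changing the resources to: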

"Resource": [
    "arn:aws:dynamodb:us-east-2:342213474092:table/Foo",
    "arn:aws:dynamodb:us-east-2:342213474092:table/Bar"
],

Documentation here: DynamoDB API permissions

Based on your last comment, this should work for you:

arn:aws:dynamodb:region:account-id:table/*/index/*

Regarding "aws-lambda - Unable to query a DynamoDB table from a Lambda function", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/56958397/
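The mismatch behind the AccessDeniedException can be reproduced offline. The following is an added example, not part of the original question or answer: a simplified matcher for IAM `Resource` wildcards, run against the question's policy and the answer's suggested resources. It evaluates Allow statements only, and the index name `ByOrder` is a hypothetical value chosen for illustration.

```python
import re

# Policy from the question (resources end in /*), account ID as shown on the page.
ACCOUNT = "arn:aws:dynamodb:us-east-2:342213474092"
ORIGINAL = {"Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:Query", "dynamodb:Scan"],
    "Resource": [f"{ACCOUNT}:table/Foo/*", f"{ACCOUNT}:table/Bar/*"],
}]}
# Resources as the answer suggests, plus the index pattern from its last line.
FIXED = {"Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:Query", "dynamodb:Scan"],
    "Resource": [f"{ACCOUNT}:table/Foo", f"{ACCOUNT}:table/Bar",
                 f"{ACCOUNT}:table/*/index/*"],
}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, ignore_case=False):
    """IAM-style wildcard match: * is any run of characters, ? is exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """Simplified check: Allow statements only (no Deny, NotAction, Condition)."""
    for stmt in _as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        action_ok = any(_wild(a, action, ignore_case=True)
                        for a in _as_list(stmt["Action"]))
        resource_ok = any(_wild(r, resource) for r in _as_list(stmt["Resource"]))
        if action_ok and resource_ok:
            return True
    return False

if __name__ == "__main__":
    table = f"{ACCOUNT}:table/Bar"
    index = f"{ACCOUNT}:table/Bar/index/ByOrder"  # hypothetical index name
    for name, policy in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, "| Scan table:", is_allowed(policy, "dynamodb:Scan", table),
              "| Scan index:", is_allowed(policy, "dynamodb:Scan", index))
```

The original policy matches only ARNs below the table (such as its indexes), never the table ARN itself. Note that `table/*/index/*` covers the indexes of every table in that region and account, so naming the tables in the pattern keeps the grant narrower.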
