How do I connect my alexa app to dynamo db with the alexa node sdk?

I have created a Lambda function that attempts to make a connection with DynamoDB through the Alexa Skills Kit for Node. According to the documentation, all you need to connect to the database is

alexa.dynamoDBTableName = 'YourTableName'; // That's it!

For some reason I get the following error:

User: arn:aws:sts::XXXXXXXXXXX:assumed-role/lambda_basic_dynamo/MyApp is not authorized to perform: dynamodb:GetItem on resource: arn:aws:dynamodb:us-east-1:XXXXXXXXX:table/McCannHealth"

The weird thing is that I made a new role called lambda_full_access and changed it for the skill, but it's still assuming another role. What am I doing wrong?


I don't know if you already figured it out, but you'd have to edit the permission JSON yourself. So when you're creating a new IAM role, open the "Advanced settings" and change the content of the JSON to:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "cloudwatch:*",
                "cognito-identity:ListIdentityPools",
                "cognito-sync:GetCognitoEvents",
                "cognito-sync:SetCognitoEvents",
                "dynamodb:*",
                "events:*",
                "iam:ListAttachedRolePolicies",
                "iam:ListRolePolicies",
                "iam:ListRoles",
                "iam:PassRole",
                "kinesis:DescribeStream",
                "kinesis:ListStreams",
                "kinesis:PutRecord",
                "lambda:*",
                "logs:*",
                "s3:*",
                "sns:ListSubscriptions",
                "sns:ListSubscriptionsByTopic",
                "sns:ListTopics",
                "sns:Subscribe",
                "sns:Unsubscribe",
                "sns:Publish",
                "sqs:ListQueues",
                "sqs:SendMessage",
                "kms:ListAliases",
                "ec2:DescribeVpcs",
                "ec2:DescribeSubnets",
                "ec2:DescribeSecurityGroups",
                "iot:GetTopicRule",
                "iot:ListTopicRules",
                "iot:CreateTopicRule",
                "iot:ReplaceTopicRule",
                "iot:AttachPrincipalPolicy",
                "iot:AttachThingPrincipal",
                "iot:CreateKeysAndCertificate",
                "iot:CreatePolicy",
                "iot:CreateThing",
                "iot:ListPolicies",
                "iot:ListThings",
                "iot:DescribeEndpoint"
            ],
            "Resource": "*"
        }
    ]
}

The above gives full access to DynamoDB. JSON for other permissions is available on AWS as well.

This is clearly a permission issue. You have selected a role "lambda_full_access". If you have created that role, then please check that you have given DynamoDB GetItem permission to that role. If you have selected one of the default roles, then you can either edit that role and attach a custom policy with the below policy,

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "YouID",
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetItem",
                "dynamodb:Scan"
            ],
            "Resource": [
                "YOUR DYNAMODB ARN HERE"
            ]
        }
    ]
}

It means now your role will have full Lambda access and DynamoDB access for only "GetItem" and "Scan". If you want more permissions like "PutItem" etc., you can add them.

Alternatively you can create a custom role and can attach policies for Lambda access and can create a custom policy with the above given setting.
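A way to check a policy document against the denied call before attaching it, as an added example that is not part of the original thread: it parses the error text from the question (the role named there is the one the function actually assumed) and evaluates the scoped policy from the second answer and a subset of the first answer's policy. The function names, the filled-in table ARN and the simplified evaluation rules are assumptions of this example.

```javascript
// Added example, not from the thread. Simplified IAM evaluation: Allow/Deny statements
// with "*" and "?" wildcards only (no Condition, NotAction, boundaries or SCPs).
function parseDenied(msg) {
  const m = /User: (\S+) is not authorized to perform: (\S+) on resource: ([^\s"]+)/.exec(msg);
  if (!m) return null;
  // For assumed-role ARNs the second path segment is the role actually in use.
  return { principal: m[1], role: m[1].split('/')[1] || null, action: m[2], resource: m[3] };
}

function wildcardMatch(pattern, value, ignoreCase) {
  const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&').replace(/\*/g, '.*').replace(/\?/g, '.');
  return new RegExp('^' + re + '$', ignoreCase ? 'i' : '').test(value);
}

const asList = (v) => (Array.isArray(v) ? v : [v]);

// Returns "allow", "explicit-deny" or "implicit-deny" for one action on one resource.
function evaluate(policy, action, resource) {
  let allowed = false;
  for (const st of asList(policy.Statement)) {
    const hit = asList(st.Action).some((a) => wildcardMatch(a, action, true)) &&
      asList(st.Resource).some((r) => wildcardMatch(r, resource, false));
    if (hit && st.Effect === 'Deny') return 'explicit-deny';
    if (hit && st.Effect === 'Allow') allowed = true;
  }
  return allowed ? 'allow' : 'implicit-deny';
}

// Wildcard actions granted on every resource: candidates for scoping down.
function overBroad(policy) {
  return asList(policy.Statement)
    .filter((st) => st.Effect === 'Allow' && asList(st.Resource).includes('*'))
    .flatMap((st) => asList(st.Action).filter((a) => a.includes('*')));
}

// Constructed inputs: the error text from the question, the scoped policy from the
// second answer with the table ARN filled in, and a subset of the first answer's policy.
const sampleError = 'User: arn:aws:sts::XXXXXXXXXXX:assumed-role/lambda_basic_dynamo/MyApp ' +
  'is not authorized to perform: dynamodb:GetItem on resource: ' +
  'arn:aws:dynamodb:us-east-1:XXXXXXXXX:table/McCannHealth"';
const scoped = { Version: '2012-10-17', Statement: [{ Sid: 'YouID', Effect: 'Allow',
  Action: ['dynamodb:GetItem', 'dynamodb:Scan'],
  Resource: ['arn:aws:dynamodb:us-east-1:XXXXXXXXX:table/McCannHealth'] }] };
const broad = { Version: '2012-10-17', Statement: [{ Effect: 'Allow',
  Action: ['cloudwatch:*', 'dynamodb:*', 'lambda:*', 'logs:*', 's3:*', 'iam:PassRole'],
  Resource: '*' }] };

const denied = parseDenied(sampleError);
console.log(denied.role, evaluate(scoped, denied.action, denied.resource), overBroad(broad));
```

The scoped policy allows the denied `dynamodb:GetItem` call but not `dynamodb:PutItem`, while the broad policy also allows calls such as `dynamodb:DeleteTable` on the same table.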
