堆栈内存溢出
  简体   繁体   English

在其他AWS账户中查询Dynamodb-无服务器框架

[英]Querying Dynamodb in a different AWS account - Serverless Framework

 原文  2017-05-24 11:22:43       amazon-web-services/ amazon-dynamodb/ amazon-iam/ serverless-framework

问题描述

I need to connect to the dynamoDB table in one AWS account from lambda of a different AWS account. 我需要从另一个AWS账户的lambda连接到一个AWS账户中的dynamoDB表。 Currently, I'm trying to connect to dynamodb through Serverless Offline. 当前,我正在尝试通过无服务器脱机连接到dynamodb。 I'm able to connect to a table in my AWS account but get an error when trying to connect to dynamoDB table in another account. 我可以连接到我的AWS账户中的表,但是尝试连接到另一个账户中的dynamoDB表时出现错误。

Error: Request Not Found. 错误:找不到请求。 (I have checked twice. The table does exist.) (我检查了两次。该表确实存在。)

The role I'm using in the serverlesss.yml has full admin privileges(including DynamoDB) 我在serverlesss.yml中使用的角色具有完整的管理员特权(包括DynamoDB) 

serverless.yml

provider:
  name: aws
  runtime: nodejs6.10
  role: "arn:aws:iam::******:role/abcRole"
  iamRoleStatements:
    - Effect: Allow
      Action: ["dynamodb:*"]
      Resource: "arn:aws:dynamodb:us-east-1:*:*"



db.js

let dynamodbOnlineOptions = {
    region: 'us-east-1'
};

let client = new AWS.DynamoDB.DocumentClient(dynamodbOnlineOptions);

I think I'm making some mistake with permissions, but I'm able to identify the problem. 我认为我在权限上犯了一些错误,但是我能够找出问题所在。 Please help. 请帮忙。

1 个解决方案

解决方案1
 0  2017-05-24 12:59:32

The way forward I think is to create a cross account role that has access to that table, then have your lambda function assume that role. 我认为前进的方法是创建一个可以访问该表的交叉帐户角色,然后让您的lambda函数承担该角色。

Create the cross account role in the account that has the Dynamodb table and give it access to that. 在具有Dynamodb表的帐户中创建交叉帐户角色,并对其进行访问。

http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Inside your lambda function have it assume that role and get temporary credentials to access that table. 在您的lambda函数内部,它承担了该角色并获得临时凭据以访问该表。

http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html http://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 使用无服务器框架访问不同 AWS 账户中的 SQS 队列 - Accessing SQS queue in a different AWS account using a serverless framework 无服务器框架、yaml 和 AWS lambda/DynamoDB 概念 - Serverless framework, yaml and AWS lambda/DynamoDB concepts 无服务器在 AWS 的不同账户中创建 Lambda - Serverless creating Lambda in different account in AWS 如何在使用无服务器框架时从AWS Lambda访问DynamoDB? - How to access DynamoDB from AWS Lambda when using the Serverless Framework? AWS 的无服务器框架:将初始数据添加到 Dynamodb 表中 - Serverless framework for AWS : Adding initial data into Dynamodb table 如何在无服务器框架中获取 AWS 账户 ID 作为自定义变量? - How to get AWS account id as custom variable in serverless framework? 使用在无服务器框架的aws帐户中定义的角色为每个功能分配角色 - assign Role For Each Function with a role defined in aws account in Serverless Framework 无服务器框架 AWS 跨账户自定义授权器 - Serverless framework AWS cross-account custom authorizer 使用AWS的无服务器框架,计划 - Serverless Framework With AWS, scheduling 使用 AWS AppSync 中的列表查询 DynamoDB - Querying DynamoDB with a list in AWS AppSync
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM