AccessDeniedException:用户无权对资源执行 dynamodb BatchWriteItem:表
[英]AccessDeniedException: User is not authorized to perform dynamodb BatchWriteItem on resource: table
问题描述
I am using nodejs, serverless and aws dynamodb.
我正在使用 nodejs、无服务器和 aws dynamodb。 I am trying to create a lambda where I am calling an API, getting the data (1000 records) and now, I want to insert this data into my dynamodb.我正在尝试创建一个 lambda,在其中调用 API,获取数据(1000 条记录),现在,我想将此数据插入到我的 dynamodb 中。
I am using batchWrite for this and using it by creating buckets of 25 json objects each.我为此使用了 batchWrite 并通过创建每个包含 25 个 json 对象的桶来使用它。 But I am getting an error:但我收到一个错误:
AccessDeniedException: <Username> is not authorized to perform dynamodb BatchWriteItem on resource <table-name>
When I do the same without batchWrite and individual PUT operations, it works fine (but I need to use batch because that gives throughput exceeded error).当我在没有 batchWrite 和单独 PUT 操作的情况下做同样的事情时,它工作正常(但我需要使用批处理,因为这会导致吞吐量超出错误)。
I have given all administrative rights in AWS to the user which I am using with serverless.我已将 AWS 中的所有管理权限授予我使用无服务器的用户。
2 个解决方案
解决方案1
11 已采纳 2018-03-15 13:23:59
in your serverless.yml file, you should add a new role在 serverless.yml 文件中,您应该添加一个新角色
- Effect: Allow
Action:
- dynamodb:DescribeTable
- dynamodb:Query
- dynamodb:Scan
- dynamodb:GetItem
- dynamodb:PutItem
- dynamodb:UpdateItem
- dynamodb:DeleteItem
- dynamodb:BatchWriteItem
Resource: "arn:aws:dynamodb:${self:custom.region}:*:table/*"
解决方案2
3 2020-08-19 02:45:19
Here is how I set it when using Amplify CLI project:以下是我在使用 Amplify CLI 项目时设置它的方法:
{
"Effect": "Allow",
"Action": [
"dynamodb:PutItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:Query",
"dynamodb:Scan",
"dynamodb:UpdateItem",
"dynamodb:BatchWriteItem",
"dynamodb:Scan"
],
"Resource": "arn:aws:dynamodb:*:*:table/*"
},
{
"Effect": "Allow",
"Action": "dynamodb:Query",
"Resource": "arn:aws:dynamodb:*:*:table/*/index/*"
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.