无服务器调用错误：“无权执行：资源上的 dynamodb:BatchWriteItem：arn:aws:...”

Question

I have this iamRoleStatements on my serverless.yml , which should allow those actions to my lambda functions:

- Effect: Allow
  Action:
    - dynamodb:Query
    - dynamodb:Scan
    - dynamodb:GetItem
    - dynamodb:PutItem
    - dynamodb:UpdateItem
    - dynamodb:DeleteItem
    - dynamodb:BatchWriteItem
    - dynamodb:BatchReadItem
  Resource: "arn:aws:dynamodb:${self:provider.region}:*:table/${self:custom.tableName}"

And this my lambda yml:

functions:
  scraping:
    handler: handler.scraping
    memorySize: 1536
    layers:
      - !Sub 'arn:aws:lambda:${AWS::Region}:764866452798:layer:chrome-aws-lambda:22'
    timeout: 15
    events:
      - schedule:
          rate: ${self:custom.scheduleRate}
          name: schedule-scraping-${self:provider.stage}
          description: scraping each 5 minute
          enabled: ${self:custom.enabled}

In my handle function, I try to insert an item, but I'm getting this error:

AccessDeniedException: User: arn:aws:sts::006977245882:assumed-role/BestSellers-qa-us-east-1-lambdaRole/BestSellers-qa-scraping is not authorized to perform: dynamodb:BatchWriteItem on resource: arn:aws:dynamodb:us-east-1:006977245882:table/TABLE_NAME
   at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:52:27)
   at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:106:20) ...

Answer 1

Unless you've edited/redacted TABLE_NAME in the error message, my guess is that you're inadvertently attempting to write to a table which probably doesn't exist ( TABLE_NAME ).

You haven't posted your handler code, but I'd check your code and verify that your actual table name is being set/interpolated correctly before your handler code attempts to insert an item with the DynamoDB API.