I am using the code below to read from DynamoDB:
import boto3
session = boto3.Session(
    aws_access_key_id='XXXXXXXXXXXXXXXXXXXX',
    aws_secret_access_key='XXXXXXXXXXXXXXXXXXXXXXX')
dynamodb = session.resource('dynamodb')
table = dynamodb.Table('Employee')
resp = table.get_item(Key={"Empid": 551554297})
This user has AWSAdmin access, DynamoDBfull Access and DynamoDBread Access, but I am still getting the error below while running the code:
botocore.exceptions.ClientError: An error occurred (AccessDeniedException)
when calling the GetItem operation: User:
arn:aws:iam::944198216610:user/cduser is not authorized to perform:
dynamodb:GetItem on resource: arn:aws:dynamodb:us-east-1:944198216610:table/Employee
Can someone help me figure out what I am doing wrong here?
I've found that with Docker containers, even if you set your access and secret keys as environment variables during the build, you still have to explicitly declare region, key_id and access_key in your script, e.g. boto3.resource('dynamodb', region_name=<>, aws_access_key_id=<>, aws_secret_access_key=<>).
An alternative to having those set in plain text of your script is to store them in ~/.aws/config and ~/.aws/credentials or, even better, mounted as a secret.
I faced a similar problem while using the default role of the Lambda function. Adding an extra DynamoDB statement to the policy solved the problem in my case.
{
    "Effect": "Allow",
    "Action": [
        "dynamodb:BatchGetItem",
        "dynamodb:DescribeTable",
        "dynamodb:GetItem",
        "dynamodb:ListTables",
        "dynamodb:Query",
        "dynamodb:Scan"
    ],
    "Resource": ["<dynamodb table ARN>"]
}
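An added example, not code from any of the posts above: an offline check that parses the AccessDeniedException text from the question and tests whether a set of identity policy statements covers the denied action and resource. It is a simplified model and an assumption of this example: Condition blocks, NotAction/NotResource, permission boundaries and organization SCPs are not evaluated, and the function names are hypothetical.

```python
import re

# Constructed sample: the error text from the question, joined onto one line.
ERROR = ("An error occurred (AccessDeniedException) when calling the GetItem "
         "operation: User: arn:aws:iam::944198216610:user/cduser is not "
         "authorized to perform: dynamodb:GetItem on resource: "
         "arn:aws:dynamodb:us-east-1:944198216610:table/Employee")

# The statement from the answer above, with the table ARN from the error filled in.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:BatchGetItem", "dynamodb:DescribeTable", "dynamodb:GetItem",
               "dynamodb:ListTables", "dynamodb:Query", "dynamodb:Scan"],
    "Resource": ["arn:aws:dynamodb:us-east-1:944198216610:table/Employee"]}]}

def parse_denied(message):
    """Extract principal, action and resource from an AccessDenied message."""
    m = re.search(r"User: (\S+) is not authorized to perform: (\S+) "
                  r"on resource: (\S+)", message)
    if not m:
        raise ValueError("message is not in the expected AccessDenied shape")
    return dict(zip(("principal", "action", "resource"), m.groups()))

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(patterns, value, ignore_case=False):
    # IAM wildcards are * and ?; action names are case-insensitive, ARNs are not.
    for pattern in _as_list(patterns):
        rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, value, re.I if ignore_case else 0):
            return True
    return False

def evaluate(policies, action, resource):
    """Return 'Deny', 'Allow' or 'ImplicitDeny' for the given identity policies."""
    decision = "ImplicitDeny"
    for policy in policies:
        for st in _as_list(policy["Statement"]):
            if "Action" not in st or "Resource" not in st:
                continue  # NotAction/NotResource statements are not modelled
            if _matches(st["Action"], action, True) and _matches(st["Resource"], resource):
                if st["Effect"] == "Deny":
                    return "Deny"  # an explicit deny overrides any allow
                decision = "Allow"
    return decision
```

Feed it the policy documents actually attached to the principal named in the error; a result of "ImplicitDeny" means none of them covers that action on that ARN.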