User is not authorized to perform: dynamodb:GetItem
Question
I've created my api in vercel, which uses aws lambda. In my function, I've used a call to dynamodb in my aws account.
But I keep getting AccessDeniedException .
But, When I run it locally, there is no issue.
AccessDeniedException: User: arn:aws:sts::764717618004:assumed-role/cloudwatch_logs_events_putter/L0ZFqQmkoVXQ44u8QwB1yH0f-805fd9d54732e5470e54bf12bd9a25672e379b5
is not authorized to perform: dynamodb:GetItem on resource: arn:aws:dynamodb:ap-south-1:764717618004:table/users
this adresses the issue when both lambda and dynamo are of the same user account.
1 answers
solution1
1 ACCPTED 2020-11-15 06:14:06
Well guess what, after hours of combing through aws documentation I got to the root of the issue. The user: arn:aws:sts::764717618004:assumed-role/ and arn:aws:dynamodb:ap-south-1:764717618004:table/users are the same, which was odd once I thought about it.
Because the aws Id of dynamodb should've been mine, but it's evidently not. So I tried logging the accessKeyId , and to my surprise it was not what I set in the Environment.
Then I just checked out what's in vercel env ls . There was nothing wrong at first sight, but then I noticed a little typo in the DYNAMODB_ACCESS_KYE_ID .
YES IT WAS JUST A TYPO . successfully wasted 6+ hours on a typo in environment variable.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.