![](/img/trans.png)
[英]CognitoIdentityCredentials is not authorized to perform: lambda:InvokeFunction on resource
[英]CognitoIdentityCredentials is not authorized to perform: dynamodb:Query on resource:
我一直在关注 DynamoDB 使用的 AWS 文档和示例代码,但在我的进步中停滞不前。 正确设置我的 Cognito 用户池/身份和 IAM 角色后,我无法再查询我的 DynamoDB 表。 我能够毫无问题地运行扫描、删除和 GetItem,但无法运行查询。 我的未经授权的 IAM 角色设置是否正确以在我的 DynamoDB 表上运行查询?
IAM 未授权角色:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1474743569000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable1"
]
},
{
"Sid": "Stmt1474743616000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable2"
]
}
]
查询功能:
func getQuery(){
//performing a query
let dynamoDBObjectMapper = AWSDynamoDBObjectMapper.default()
let queryExpression = AWSDynamoDBQueryExpression()
//queryExpression.scanIndexForward = 1
queryExpression.indexName = "Pay"
queryExpression.keyConditionExpression = "Company = :Company AND Pay > :Pay"
queryExpression.expressionAttributeValues = [
":Company" : "TestCompany",
":Pay" : 0];
dynamoDBObjectMapper .query(DDBTableRow.self, expression: queryExpression) .continue(with: AWSExecutor.mainThread(), with: { (task:AWSTask!) -> AnyObject! in
if (task.error != nil) {
print("Error: \(task.error)")
let alertController = UIAlertController(title: "Failed to query a test table.", message: task.error!.localizedDescription, preferredStyle: UIAlertControllerStyle.alert)
let okAction = UIAlertAction(title: "OK", style: UIAlertActionStyle.cancel, handler: { (action:UIAlertAction) -> Void in
})
alertController.addAction(okAction)
self.present(alertController, animated: true, completion: nil)
} else {
if (task.result != nil) {
self.pagniatedOutput = task.result! as AWSDynamoDBPaginatedOutput
}
//self.performSegue(withIdentifier: "unwindToMainSegue", sender: self)
}
return nil
})
}
预先感谢您的任何建议!
更新 #2:添加收到的异常:
Error: Optional(Error Domain=com.amazonaws.AWSServiceErrorDomain Code=6 "(null)"
UserInfo={__type=com.amazon.coral.service#AccessDeniedException,
Message=User: arn:aws:sts::XXXXXXXXXX:assumed-role/Cognito_testUserUnauth_Role/CognitoIdentityCredentials is
not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable1/index/Pay})
更新 #3:问题出在我的 IAM 角色中的 Resource 参数上。 我做了一个小改动,现在可以查询了。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1474743569000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable1",
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable1/index/*"
]
},
{
"Sid": "Stmt1474743616000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable2",
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable2/index/*"
]
}
]
更新 #3:问题出在我的 IAM 角色中的 Resource 参数上。 我做了一个小改动,现在可以查询了。
{"Version": "2012-10-17","Statement": [
{
"Sid": "Stmt1474743569000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable1",
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable1/index/*"
]
},
{
"Sid": "Stmt1474743616000",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable2",
"arn:aws:dynamodb:us-east-1:XXXXXXXXXXXX:table/MyTable2/index/*"
]
}
]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.