AWS DynamoDB access from Android, access denied to table
I am trying to perform CRUD operations on a NoSQL DynamoDB. I did not originally integrate a Cognito pool with my project in AWS Mobile Hub; instead of doing that, I replaced my json file in the project's "raw" directory. The database is completely public for read and write, but for some reason I keep getting this error:
com.amazonaws.AmazonServiceException: User: arn:aws:sts::1234567890:assumed-role/shoppinglist_unauth_MOBILEHUB_1234567890/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:1234567890:table/ShoppingLists (Service: AmazonDynamoDB; Status Code: 400; Error Code: AccessDeniedException; Request ID: BQ0HAP7PUGO6AUC04LOHUND1V3VV4KQNSO5AEMVJF66Q9ASUAAJG)
For security reasons I have changed all identification numbers to 1234567890.
Here is my .json file:
    {
      "UserAgent": "MobileHub/1.0",
      "Version": "1.0",
      "CredentialsProvider": {
        "CognitoIdentity": {
          "Default": {
            "PoolId": "us-east-1******************",
            "Region": "us-east-1"
          }
        }
      },
      "IdentityManager": {
        "Default": {}
      },
      "CognitoUserPool": {
        "Default": {
          "PoolId": "us-east-1_*******",
          "AppClientId": "5lg571jsd60ruvair8jiqpefbs",
          "AppClientSecret": "bqn8edlp19gfgogfhf4j9qg1mq8u8ftpb328f652n0451gl2dnt",
          "Region": "us-east-1"
        }
      },
      "DynamoDBObjectMapper": {
        "Default": {
          "Region": "us-east-1"
        }
      },
      "PinpointAnalytics": {
        "Default": {
          "AppId": "27e0f3ee2e63419c9dc8f18f23a294fe",
          "Region": "us-east-1"
        }
      },
      "PinpointTargeting": {
        "Default": {
          "Region": "us-east-1"
        }
      }
    }
Here is the onCreate() method in my main activity class:
    AWSMobileClient.getInstance().initialize(this, awsStartupResult ->
            Log.d("YourMainActivity", "AWSMobileClient is instantiated and you are connected to AWS!"))
        .execute();

    // Low-level DynamoDB client backed by the Cognito credentials provider
    AmazonDynamoDBClient dynamoDBClient = new AmazonDynamoDBClient(AWSMobileClient.getInstance().getCredentialsProvider());
    // Object mapper configured from the awsconfiguration.json in res/raw
    this.dynamoDBMapper = DynamoDBMapper.builder()
            .dynamoDBClient(dynamoDBClient)
            .awsConfiguration(AWSMobileClient.getInstance().getConfiguration())
            .build();

    // Network calls must run off the main thread
    Runnable runnable = () -> {
        dbClient = new AmazonDynamoDBClient(AWSMobileClient.getInstance().getCredentialsProvider());
        // Create a table reference; loadTable issues DescribeTable to read the key schema,
        // so the role in use needs dynamodb:DescribeTable on this table
        dbTable = Table.loadTable(dbClient, "ShoppingLists");
        Document memo = new Document();
        memo.put("Apple", "apple");
        dbTable.putItem(memo);
    };
    Thread myThread = new Thread(runnable);
    myThread.start();
My build.gradle should hold the correct dependencies; they are here, although it may be a bit messy:
    implementation fileTree(include: ['*.jar'], dir: 'libs')
    implementation 'com.android.support:appcompat-v7:27.1.1'
    implementation 'com.android.support:support-v4:27.1.1'
    implementation 'com.android.support:recyclerview-v7:27.1.1'
    implementation 'com.android.support.constraint:constraint-layout:1.1.0'
    testImplementation 'junit:junit:4.12'
    androidTestImplementation 'com.android.support.test:runner:1.0.1'
    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.1'
    // AWS core and DynamoDB (low-level client, object mapper and document API)
    implementation 'com.amazonaws:aws-android-sdk-core:2.6.18'
    implementation 'com.amazonaws:aws-android-sdk-s3:2.6.18'
    implementation 'com.amazonaws:aws-android-sdk-ddb:2.6.18'
    implementation 'com.amazonaws:aws-android-sdk-ddb-mapper:2.6.18'
    implementation 'com.amazonaws:aws-android-sdk-ddb-document:2.4.4'
    // Mobile Client for initializing the SDK
    implementation ('com.amazonaws:aws-android-sdk-mobile-client:2.6.+@aar') { transitive = true }
    // Cognito UserPools for SignIn
    implementation ('com.amazonaws:aws-android-sdk-auth-userpools:2.6.+@aar') { transitive = true }
    // Sign in UI Library
    implementation ('com.amazonaws:aws-android-sdk-auth-ui:2.6.+@aar') { transitive = true }
As far as I can tell this should work fine; another helpful person here helped me get to the point where it can connect to AWS, but not actually access the table.
I think I have two questions: is it possible to do this without a Cognito pool at all and just do it completely insecurely? If not, how do I make it work with the Cognito pool? Should the Cognito pool have a username associated with it?
Let me try to answer your questions.
1) Can you do this without a Cognito identity pool? The answer is yes. That doesn't mean it's insecure - you can use AWS credentials set up for an IAM user. However, the best practice is to use a Cognito identity pool, which gives you temporary AWS credentials that are valid for a short period.
2) When you create a Cognito identity pool, two roles are created automatically (named auth and unauth). The "auth" role is used when you have a signed-in user (for example, someone signed in with a social login such as Facebook and federated to AWS through the identity pool), while the "unauth" role is used when the user has not signed in. You can fine-tune the access permissions of these roles with IAM policies to best fit your application's needs.
See this page ( https://docs.aws.amazon.com/aws-mobile/latest/developerguide/how-to-nosql-integrate-an-existing-table.html ) for specific instructions on how to make this work.
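As an added illustration of point 2 (not part of the answer above), the following is a least-privilege policy for the unauth role scoped to the table from the question, plus a simplified local evaluator (explicit Deny wins, then Allow, otherwise deny; conditions are not modelled) used to check the exact request that was denied in the error message. The account id is the asker's 1234567890 placeholder, and the table name and role name are taken from the question.

```python
import fnmatch
import json

# Values from the question: placeholder account id, table and region.
ACCOUNT_ID = "1234567890"
TABLE_ARN = f"arn:aws:dynamodb:us-east-1:{ACCOUNT_ID}:table/ShoppingLists"

# Policy to attach to the unauth role (shoppinglist_unauth_MOBILEHUB_1234567890).
# Table.loadTable() calls DescribeTable to read the key schema, so it is allowed
# alongside the item-level CRUD actions; table-level actions such as DeleteTable
# are deliberately left out.
UNAUTH_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeTable",
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem",
                "dynamodb:DeleteItem",
                "dynamodb:Query",
                "dynamodb:Scan",
            ],
            "Resource": [TABLE_ARN, f"{TABLE_ARN}/index/*"],
        }
    ],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def is_allowed(policy, action, resource):
    """Simplified IAM evaluation: explicit Deny wins, any Allow grants, default deny.
    Action names match case-insensitively, ARNs case-sensitively; '*' and '?' wildcards."""
    decision = False
    for stmt in policy["Statement"]:
        action_hit = any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in _as_list(stmt["Action"]))
        resource_hit = any(fnmatch.fnmatchcase(resource, p) for p in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


if __name__ == "__main__":
    print(json.dumps(UNAUTH_POLICY, indent=2))
    # The exact action/resource pair from the AccessDeniedException in the question
    print(is_allowed(UNAUTH_POLICY, "dynamodb:DescribeTable", TABLE_ARN))
```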