
AWS Lambda Deployment - AccessDeniedException

I have deployed an AWS Lambda application that uses DynamoDB, but when I run the Lambda function I get the following error:

START RequestId: 325ce8ea-ed86-404c-8756-ee46dbefae35 Version: $LATEST
2021-12-20T06:32:08.533Z    325ce8ea-ed86-404c-8756-ee46dbefae35    ERROR   query-error: AccessDeniedException: User: arn:aws:sts::579450367668:assumed-role/lead-management-app-dev-eu-west-1-lambdaRole/lead-management-app-dev-submitLeadForm is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:eu-west-1:579450367668:table/lead-management-app-leads-dev/index/emai_index
END RequestId: 325ce8ea-ed86-404c-8756-ee46dbefae35
REPORT RequestId: 325ce8ea-ed86-404c-8756-ee46dbefae35  Duration: 14.83 ms  Billed Duration: 15 ms  Memory Size: 1024 MB    Max Memory Used: 81 MB  

How can I fix this?

My serverless.ts is attached below:

    /* eslint no-use-before-define: 0 */
    
    import type { AWS } from "@serverless/typescript";
    
    // DynamoDB
    import dynamoDbTables from "./resources/dynamodb-tables";
    
    // Functions
    import functions from "./resources/functions";
    
    const serverlessConfiguration: AWS = {
      service: "lead-management-app",
      frameworkVersion: "2",
      custom: {
        region: "${opt:region, self:provider.region}",
        stage: "${opt:stage, self:provider.stage}",
        prefix: "${self:service}-${self:custom.stage}",
        lead_table: "${self:service}-leads-${opt:stage, self:provider.stage}",
        interest_table:
          "${self:service}-interests-${opt:stage, self:provider.stage}",
        table_throughputs: {
          prod: 5,
          default: 1,
        },
        table_throughput:
          "${self:custom.table_throughputs.${self:custom.stage}, self:custom.table_throughputs.default}",
        dynamodb: {
          stages: ["dev"],
          start: {
            port: 8008,
            inMemory: true,
            heapInitial: "200m",
            heapMax: "1g",
            migrate: true,
            seed: true,
            convertEmptyValues: true,
            // Uncomment only if you already have a DynamoDB running locally
            // noStart: true
          },
        },
        ["serverless-offline"]: {
          httpPort: 3000,
          babelOptions: {
            presets: ["env"],
          },
        },
        profile: {
          prod: "prodAccount",
          dev: "devAccount",
        },
      },
      plugins: [
        "serverless-bundle",
        "serverless-dynamodb-local",
        "serverless-offline",
        "serverless-dotenv-plugin",
      ],
      provider: {
        name: "aws",
        runtime: "nodejs14.x",
        stage: "dev",
        region: "ap-south-1",
        apiGateway: {
          minimumCompressionSize: 1024,
          shouldStartNameWithService: true,
        },
        environment: {
          AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1",
          NODE_OPTIONS: "--enable-source-maps --stack-trace-limit=1000",
          REGION: "${self:custom.region}",
          STAGE: "${self:custom.stage}",
          LEADS_TABLE: "${self:custom.lead_table}",
          INTERESTS_TABLE: "${self:custom.interest_table}",
        },
        iamRoleStatements: [
          {
            Effect: "Allow",
            Action: [
              "dynamodb:DescribeTable",
              "dynamodb:Query",
              "dynamodb:Scan",
              "dynamodb:GetItem",
              "dynamodb:PutItem",
              "dynamodb:UpdateItem",
              "dynamodb:DeleteItem",
            ],
            Resource: [
              { "Fn::GetAtt": ["LeadsTable", "Arn"] },
              { "Fn::GetAtt": ["InterestsTable", "Arn"] },
            ],
          },
        ],
        profile: "${self:custom.profile.${self:custom.stage}}",
        lambdaHashingVersion: "20201221",
      },
      // import the function via paths
      functions,
      package: { individually: true },
      resources: {
        Resources: dynamoDbTables,
      },
    };
    
    module.exports = serverlessConfiguration;

Can this be fixed from within the application, or should I grant the permissions from the AWS console?

Is there a recommended list of permissions that I should grant?

The role assumed by your Lambda function does not have the permissions required to access the DynamoDB table. To fix this, you need to attach the appropriate policy to your Lambda function's role.

This page contains policies that grant read/write access to a Lambda function.

You need to attach at least the following permissions (possibly more) to the role lead-management-app-dev-eu-west-1-lambdaRole:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "dynamodb:Query"
            ],
            "Resource": "arn:aws:dynamodb:eu-west-1:579450367668:table/lead-management-app-leads-dev/index/emai_index",
            "Effect": "Allow"
        }
    ]
}

If you do this in the AWS console, you can find the execution role under the Lambda function's Permissions / Configuration.
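An added example, not code from the question or the answer, written in the same TypeScript as serverless.ts: it models the iamRoleStatements entry from the question and shows why the table ARN alone does not cover the emai_index ARN from the error, next to a corrected statement that adds a "/index/*" resource per table. The logical IDs LeadsTable and InterestsTable come from the question; the helper names, the offline intrinsic-function resolver and the sample ARNs (placeholder account id) are constructed for this example.

```typescript
type CfnGetAtt = { "Fn::GetAtt": [string, string] };
type CfnJoin = { "Fn::Join": [string, Array<string | CfnGetAtt>] };
type CfnValue = string | CfnGetAtt | CfnJoin;
type IamStatement = { Effect: "Allow"; Action: string[]; Resource: CfnValue[] };

// Table ARN, resolved by CloudFormation at deploy time (as in the question's config).
function tableArn(logicalId: string): CfnGetAtt {
  return { "Fn::GetAtt": [logicalId, "Arn"] };
}
// Pattern covering every GSI/LSI of the table: "<table-arn>/index/*".
function indexArn(logicalId: string): CfnJoin {
  return { "Fn::Join": ["", [tableArn(logicalId), "/index/*"]] };
}

// What the question's config grants: the table ARNs only.
function tableOnlyStatement(tableIds: string[]): IamStatement {
  return { Effect: "Allow", Action: ["dynamodb:Query"], Resource: tableIds.map(tableArn) };
}
// Corrected statement: each table ARN plus its "/index/*" pattern.
function tableAndIndexStatement(tableIds: string[]): IamStatement {
  const resources: CfnValue[] = [];
  for (const id of tableIds) resources.push(tableArn(id), indexArn(id));
  return { Effect: "Allow", Action: ["dynamodb:Query"], Resource: resources };
}

// Resolve the intrinsic functions offline from a constructed logicalId -> ARN map.
function resolve(value: CfnValue, attrs: Record<string, string>): string {
  if (typeof value === "string") return value;
  if ("Fn::GetAtt" in value) return attrs[value["Fn::GetAtt"][0]] ?? "";
  const [sep, parts] = value["Fn::Join"];
  return parts.map((p) => resolve(p, attrs)).join(sep);
}
// IAM resource matching: "*" matches any run of characters, "?" a single one.
function arnMatches(pattern: string, arn: string): boolean {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$").test(arn);
}
// True when any Resource entry of the statement matches the ARN from the error.
function statementCovers(stmt: IamStatement, arn: string, attrs: Record<string, string>): boolean {
  return stmt.Resource.some((r) => arnMatches(resolve(r, attrs), arn));
}

// Constructed stand-ins for the deploy-time values; the account id is a placeholder.
const ATTRS = {
  LeadsTable: "arn:aws:dynamodb:eu-west-1:123456789012:table/lead-management-app-leads-dev",
  InterestsTable: "arn:aws:dynamodb:eu-west-1:123456789012:table/lead-management-app-interests-dev",
};
const INDEX_ARN = ATTRS.LeadsTable + "/index/emai_index";
```

The Fn::Join form is accepted in provider.iamRoleStatements, so the corrected statement can replace the existing one in serverless.ts instead of editing the role in the console.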
