我在从lambda函数写入AWS Dynamo时遇到这些错误。我认为这是我如何将角色联系起来的。
消息:'用户: 阿尔恩:AWS:STS :: 086883031465:假设角色/ lambda_basic_execution / awslambda_865_20160718210221776 未授权执行:dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:086883031465:table / DeviceReadings',代码: 'AccessDeniedException',时间:2016年7月18日星期一21:03:43 GMT + 0000 (UTC),requestId: 'G0VU59A8FOA4NI0EMJSI6A50DRVV4KQNSO5AEMVJF66Q9ASUAAJG',statusCode: 400,retryable:false,retryDelay:0}
这是我的配置
Lambda
Runtime - Node.js 4.3
Handler - index.handler
Role - Use an existing role
Existing Role - lambda_basic_execution
IAM
Role (created by me) - lambda_basic_execution
Policy attached to role - Accesstodynamo
InLine policies -
oneClick_lambda_basic_execution_1467010842260
oneClick_lambda_basic_execution_1467695976683
Accesstodynamo policy
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*",
"Effect": "Allow"
},
{
"Action": [
"dynamodb:PutItem"
],
"Resource": [
"arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
],
"Effect": "Allow"
},
{
"Action": [
"lambda:AddPermission",
"lambda:CreateFunction",
"lambda:DeleteFunction",
"lambda:GetFunction",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"events:DeleteRule",
"events:DisableRule",
"events:EnableRule",
"events:PutEvents",
"events:PutRule",
"events:PutTargets",
"events:RemoveTargets",
"events:ListTargetsByRule",
"s3:GetObject",
"iam:PassRole"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
答案 0 :(得分:1)
您的政策仅对表PutItem授予EC2Scheduler-OptIn权限。您需要在表DeviceReadings中添加一个语句。
更改此部分:
"Resource": [
"arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
],
对此:
"Resource": [
"arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn",
"arn:aws:dynamodb:*:*:table/DeviceReadings"
],