我是亚马逊Dynamo DB的新手。我收到拒绝访问的例外。
请帮帮我。
错误:
用户:arn:aws:sts :: xx:assume-role / Cognito_SampleUnauth_Role / CognitoIdentityCredentials无权执行:dynamodb:资源上的DescribeTable:arn:xxx
答案 0 :(得分:2)
首先确保您的假定角色有权访问DynamoDB。
如果您从笔记本电脑而不是EC2 / Beanstalk运行应用程序,请确保设置STS凭据(http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-cli.html)。
要从假定角色接收凭据,您可以使用以下内容:
public Credentials getCredentialsFromAssumedRole() {
AWSSecurityTokenService awsSecurityTokenService = AWSSecurityTokenServiceClientBuilder.defaultClient();
AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
.withRoleArn("arn:aws:iam::XX:role/assume-role-DynamoDB-ReadOnly")
.withDurationSeconds(3600)
.withRoleSessionName("assumed-role-session");
AssumeRoleResult assumeResult = awsSecurityTokenService.assumeRole(assumeRequest);
Credentials credentials = assumeResult.getCredentials();
return credentials;
}
之后,您可以创建DynamoDBMapper instanse:
AmazonDynamoDB amazonDynamoDB = new AmazonDynamoDBClient(amazonAWSCredentials);
amazonDynamoDB.setEndpoint(amazonDynamoDBEndpoint);
amazonDynamoDB.setRegion(Region.getRegion(Regions.valueOf(amazonAWSRegion)));
return new DynamoDBMapper(amazonDynamoDB);
使用DynamoDBMapper,您可以执行CRUD操作,如:
dynamoDBMapper.save(entity);
dynamoDBMapper.load(Entity.class, entityId);
@karthik,你以前做过的是否相似?请发布您的代码以了解出现了什么问题。