provider:
  name: aws
  runtime: nodejs8.10
  environment: ${self:custom.settings.${self:custom.myStage}}
plugins:
  - serverless-webpack
  - serverless-dynamodb-local
package:
  individually: true
custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true
  myStage: ${opt:stage, self:provider.stage}
  settings:
    dev:
      ITEMS_DYNAMODB_TABLE: sls-basic-operations-items-dev
    prod:
      ITEMS_DYNAMODB_TABLE: sls-basic-operations-items-prod
iamRoleStatements:
  - Effect: "Allow"
    Action:
      - "dynamodb:GetItem"
      - "dynamodb:PutItem"
      - "dynamodb:UpdateItem"
      - "dynamodb:DeleteItem"
      - "dynamodb:ListStreams"
    Resource:
      - "arn:aws:dynamodb:${self:provider.region}:*:table/${self:custom.settings.${self:custom.myStage}.ITEMS_DYNAMODB_TABLE}"
# you can overwrite defaults here
stage: dev
region: us-east-1
functions:
  saveItem:
    handler: handler.saveItem
    events:
      - http:
          path: item
          method: post
  triggerStream:
    handler: handler.triggerStream
    events:
      - stream:
          type: dynamodb
          batchSize: 1
          startingPosition: LATEST
          arn:
            Fn::GetAtt:
              - ImagesTable
              - StreamArn
resources:
  Resources:
    ImagesTable:
      Type: "AWS::DynamoDB::Table"
      Properties:
        AttributeDefinitions:
          - AttributeName: "itemId"
            AttributeType: "S"
        KeySchema:
          - AttributeName: "itemId"
            KeyType: "HASH"
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
        TableName: ${self:custom.settings.${self:custom.myStage}.ITEMS_DYNAMODB_TABLE}
        StreamSpecification:
          StreamViewType: NEW_IMAGE
The YAML file above is what I am using. I am trying to connect to AWS DynamoDB from AWS Lambda. However, once I upload the project and try to call the saveItem function through Postman, it produces the following log in AWS CloudWatch. I also granted the IAM user full administrator and DynamoDB access. I am actually new to AWS, so please excuse my English.
UnhandledPromiseRejectionWarning: AccessDeniedException: User: arn:aws:sts::247618643673:assumed-role/aws-nodejs-dev-us-east-1-lambdaRole/aws-nodejs-dev-saveItem is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-1:247618643673:table/sls-basic-operations-items-dev
at Request.extractError (/var/task/node_modules/aws-sdk/lib/protocol/json.js:51:27)
at Request.callListeners (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:106:20)
at Request.emit (/var/task/node_modules/aws-sdk/lib/sequential_executor.js:78:10)
at Request.emit (/var/task/node_modules/aws-sdk/lib/request.js:683:14)
at Request.transition (/var/task/node_modules/aws-sdk/lib/request.js:22:10)
at AcceptorStateMachine.runTo (/var/task/node_modules/aws-sdk/lib/state_machine.js:14:12)
at /var/task/node_modules/aws-sdk/lib/state_machine.js:26:10
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:38:9)
at Request.<anonymous> (/var/task/node_modules/aws-sdk/lib/request.js:685:12)
Answer 0 (score: 0)
Your IAM role definition should be configured under provider, not as a root-level property of serverless.yml.
provider:
  name: aws
  runtime: nodejs8.10
  environment: ${self:custom.settings.${self:custom.myStage}}
  iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "dynamodb:GetItem"
        - "dynamodb:PutItem"
        - "dynamodb:UpdateItem"
        - "dynamodb:DeleteItem"
        - "dynamodb:ListStreams"
      Resource:
        - "arn:aws:dynamodb:${self:provider.region}:*:table/${self:custom.settings.${self:custom.myStage}.ITEMS_DYNAMODB_TABLE}"
If you want to be more granular, you can also put it at the function level.
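Added example, not part of the question or the answer above: a small checker that models the two serverless.yml layouts on this page as Python dicts (constructed here, not parsed from disk), resolves the nested `${self:...}` / `${opt:..., fallback}` variable references the page uses, and then evaluates whether the Lambda role could call dynamodb:PutItem on the resolved table ARN. Assumptions: stage and region are placed under provider in both dicts so that `${self:provider.region}` resolves; the account id 123456789012 is a placeholder; the variable resolver and the IAM evaluator are simplified models of Serverless Framework and IAM behaviour (Allow statements with `*`/`?` wildcards only, no Deny, no conditions), not the real implementations.

```python
import copy
import fnmatch
import re

# Constructed model of the question's serverless.yml (not parsed from disk).
# stage/region sit under provider so that ${self:provider.region} resolves.
STATEMENTS = [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem",
               "dynamodb:DeleteItem", "dynamodb:ListStreams"],
    "Resource": ["arn:aws:dynamodb:${self:provider.region}:*:table/"
                 "${self:custom.settings.${self:custom.myStage}.ITEMS_DYNAMODB_TABLE}"],
}]

BROKEN_CFG = {
    "provider": {"name": "aws", "runtime": "nodejs8.10", "stage": "dev",
                 "region": "us-east-1",
                 "environment": "${self:custom.settings.${self:custom.myStage}}"},
    "custom": {
        "myStage": "${opt:stage, self:provider.stage}",
        "settings": {"dev": {"ITEMS_DYNAMODB_TABLE": "sls-basic-operations-items-dev"},
                     "prod": {"ITEMS_DYNAMODB_TABLE": "sls-basic-operations-items-prod"}},
    },
    "iamRoleStatements": STATEMENTS,   # root level: the misplacement in the question
}

# The answer's layout: the same statements moved under provider.
FIXED_CFG = copy.deepcopy(BROKEN_CFG)
FIXED_CFG["provider"]["iamRoleStatements"] = FIXED_CFG.pop("iamRoleStatements")

VAR_RE = re.compile(r"\$\{([^${}]+)\}")   # matches an innermost ${...} reference


def lookup(cfg, dotted):
    """Walk a dotted path such as custom.settings.dev through nested dicts."""
    node = cfg
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def resolve(value, cfg, opts=None):
    """Resolve ${self:a.b} and ${opt:name} references, innermost first, honouring
    the 'primary, fallback' syntax. Simplified model of Serverless variable rules."""
    opts = opts or {}
    if isinstance(value, dict):
        return {k: resolve(v, cfg, opts) for k, v in value.items()}
    if isinstance(value, list):
        return [resolve(v, cfg, opts) for v in value]
    if not isinstance(value, str):
        return value
    while True:
        m = VAR_RE.search(value)
        if m is None:
            return value
        found = None
        for alt in (a.strip() for a in m.group(1).split(",")):
            if alt.startswith("self:"):
                found = lookup(cfg, alt[5:])
            elif alt.startswith("opt:"):
                found = opts.get(alt[4:])
            else:
                found = alt.strip("'\"")          # literal fallback value
            if found is not None:
                break
        if found is None:
            raise KeyError("unresolvable variable " + m.group(0))
        if m.group(0) == value:                   # whole string is one reference; may yield a dict
            return resolve(found, cfg, opts)
        value = value[:m.start()] + str(found) + value[m.end():]


def role_statements(cfg, opts=None):
    """Only provider.iamRoleStatements reach the Lambda role; a root-level key is ignored here."""
    return resolve(cfg.get("provider", {}).get("iamRoleStatements", []), cfg, opts)


def is_allowed(statements, action, resource):
    """Minimal IAM model: any Allow statement whose Action and Resource patterns match."""
    def as_list(v):
        return v if isinstance(v, list) else [v]
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        if any(fnmatch.fnmatchcase(action, p) for p in as_list(st["Action"])) and \
           any(fnmatch.fnmatchcase(resource, p) for p in as_list(st["Resource"])):
            return True
    return False


def diagnose(cfg, opts=None, account="123456789012"):
    """Report whether iamRoleStatements is misplaced and whether PutItem on the
    resolved table ARN would be allowed (account id is a placeholder)."""
    region = resolve("${self:provider.region}", cfg, opts)
    table = resolve("${self:custom.settings.${self:custom.myStage}.ITEMS_DYNAMODB_TABLE}", cfg, opts)
    arn = "arn:aws:dynamodb:%s:%s:table/%s" % (region, account, table)
    return {
        "misplaced": "iamRoleStatements" in cfg and "iamRoleStatements" not in cfg.get("provider", {}),
        "table_arn": arn,
        "put_item_allowed": is_allowed(role_statements(cfg, opts), "dynamodb:PutItem", arn),
    }


if __name__ == "__main__":
    for name, cfg in (("root-level (question)", BROKEN_CFG), ("under provider (answer)", FIXED_CFG)):
        print(name, diagnose(cfg))
        print("  with --stage prod:", diagnose(cfg, opts={"stage": "prod"}))
```

Running it shows the question's layout yielding an empty role policy, hence `put_item_allowed: False` on exactly the table ARN from the CloudWatch error, while the answer's layout allows the call; passing `opts={"stage": "prod"}` exercises the `${opt:stage, self:provider.stage}` fallback and switches the resolved table name.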