python中的AWS-Lambda:dynamodb的调用在lambda处理程序函数中成功,但在lambda处理程序函数之外不成功

时间:2019-04-05 14:51:21

标签: aws-lambda

我在python和dynamodb中具有lambda函数。当我从lambda处理函数中调用dynamodb时,此调用成功。但是在lambda处理程序函数外部调用dynamodb不会成功,并且会导致访问被拒绝的异常。

假设我在dynamodb中有一个表“ List”。我将一个项目放在lambda处理函数中的dynamodb中。代码工作正常,并且在数据库中添加了一个项目。

#lambdaModule

import boto3
class LambdaFunction:
      def lambda_handler(self, event, context):     
           dynamodb = boto3.resource('dynamodb')
           table = dynamodb.Table('List')
           table.put_item(
                           Item={
                                  'username': 'janedoe',
                                  'first_name': 'Jane',
                                  'last_name': 'Doe',
                                  'age': 25,
                                  'account_type': 'standard_user',
                                }
                           )

但是,当我尝试从lambda之外的数据库中添加项目时,它给了我拒绝访问的错误。

import boto3
class LambdaFunction:
      def lambda_handler(self, event, context):     
           #Some logic

      #Accessing dynamodb from outside of lambda function.
      dynamodb = boto3.resource('dynamodb')
           table = dynamodb.Table('List')
           table.put_item(
                           Item={
                                  'username': 'janedoe',
                                  'first_name': 'Jane',
                                  'last_name': 'Doe',
                                  'age': 25,
                                  'account_type': 'standard_user',
                                }
                           ) 

上面的代码给出以下访问拒绝错误

"[ERROR] VerboseClientError: An error occurred (AccessDeniedException) on request (BA2U74TQ90HACN013TMF2BGEENVV4KQNSO5AEMVJF66Q9ASUAAJG) on table 
(dev02-up-svc-fss-stack-BlockLists-1DRNZPW6GRDV0) when calling the DescribeTable operation: Traceback (most recent call last):  File \
"/var/lang/lib/python3.7/imp.py\", line 234, in load_module    return load_source(name, filename, file)  File \"/var/la
ng/lib/python3.7/imp.py\", line 171, in load_source&nbsp;&nbsp;&nbsp;&nbsp;module = _load(spec)&nbsp;&nbsp;File \"<frozen importlib._bootstrap>\", line
 696, in _load&nbsp;&nbsp;File \"<frozen importlib._bootstrap>\", line 677, in _load_unlocked&nbsp;&nbsp;File \"<frozen importlib._bootstrap_external>\",
 line 728, in exec_module&nbsp;&nbsp;File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed&nbsp;&nbsp;File \"/var/task/score.py\",
 line 179, in <module>&nbsp;&nbsp;&nbsp;&nbsp;class ScoreService(Service):&nbsp;&nbsp;File \"/var/task/score.py\", line 180, in ScoreService&nbsp;&nbsp;&nbsp
 ;&nbsp;ent = _name_dob_list.match(\"first_name\", \"last_name\", \"2000-12-12\")&nbsp;&nbsp;File \"/var/task/lists.py\", line 449, in match&nbsp;&nbsp;&nbsp;
 &nbsp;obj = BlockLists.match(self.name, attribs, self.params_meta)&nbsp;&nbsp;File \"/var/task/lists.py\", line 359, in match&nbsp;&nbsp;&nbsp;&nbsp;params_a
 s_string)&nbsp;&nbsp;File \"/var/task/pynamodb/models.py\", line 485, in get&nbsp;&nbsp;&nbsp;&nbsp;hash_key, range_key = cls._serialize_keys(hash_key, range_k
 ey)&nbsp;&nbsp;File \"/var/task/pynamodb/models.py\", line 1372, in _serialize_keys&nbsp;&nbsp;&nbsp;&nbsp;hash_key = cls._hash_key_attribute().serialize(hash_k
 ey)&nbsp;&nbsp;File \"/var/task/pynamodb/models.py\", line 1219, in _hash_key_attribute&nbsp;&nbsp;&nbsp;&nbsp;hash_keyname = cls._get_meta_data().hash_keyname&n
 bsp;&nbsp;File \"/var/task/pynamodb/models.py\", line 1262, in _get_meta_data&nbsp;&nbsp;&nbsp;&nbsp;cls._meta_table = MetaTable(cls._get_connection().describe_ta
 ble())&nbsp;&nbsp;File \"/var/task/pynamodb/connection/table.py\", line 263, in describe_table&nbsp;&nbsp;&nbsp;&nbsp;return self.connection.describe_table(self.t
 able_name)&nbsp;&nbsp;File \"/var/task/pynamodb/connection/base.py\", line 659, in describe_table&nbsp;&nbsp;&nbsp;&nbsp;tbl = self.get_meta_table(table_name, ref

我已授予template.yaml文件中对db的完全访问权限。

LambdaFunction:
      Type: AWS::Serverless::Function
      Properties:
        Handler: lambdaModule.lambda_handler
        Events:
          ScoreEvent:
            Type: Api 
            Properties:
              Path: /score
              Method: POST
              RestApiId: !Ref FraudScoreAPI
        Policies:
          - AmazonDynamoDBFullAccess

1 个答案:

答案 0 :(得分:0)

不确定,但是我的第一个直觉是建议,一旦您离开处理程序,您将不再处于Lambda的执行上下文中,并且(通过堆栈)授予的任何权限都将不可见。我的建议是使插入逻辑成为一个函数,并从处理程序方法中调用该函数。