我在python和dynamodb中具有lambda函数。当我从lambda处理函数中调用dynamodb时,此调用成功。但是在lambda处理程序函数外部调用dynamodb不会成功,并且会导致访问被拒绝的异常。
假设我在dynamodb中有一个表“ List”。我将一个项目放在lambda处理函数中的dynamodb中。代码工作正常,并且在数据库中添加了一个项目。
#lambdaModule
import boto3
class LambdaFunction:
def lambda_handler(self, event, context):
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('List')
table.put_item(
Item={
'username': 'janedoe',
'first_name': 'Jane',
'last_name': 'Doe',
'age': 25,
'account_type': 'standard_user',
}
)
但是,当我尝试从lambda之外的数据库中添加项目时,它给了我拒绝访问的错误。
import boto3
class LambdaFunction:
def lambda_handler(self, event, context):
#Some logic
#Accessing dynamodb from outside of lambda function.
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('List')
table.put_item(
Item={
'username': 'janedoe',
'first_name': 'Jane',
'last_name': 'Doe',
'age': 25,
'account_type': 'standard_user',
}
)
上面的代码给出以下访问拒绝错误
"[ERROR] VerboseClientError: An error occurred (AccessDeniedException) on request (BA2U74TQ90HACN013TMF2BGEENVV4KQNSO5AEMVJF66Q9ASUAAJG) on table
(dev02-up-svc-fss-stack-BlockLists-1DRNZPW6GRDV0) when calling the DescribeTable operation: Traceback (most recent call last): File \
"/var/lang/lib/python3.7/imp.py\", line 234, in load_module return load_source(name, filename, file) File \"/var/la
ng/lib/python3.7/imp.py\", line 171, in load_source module = _load(spec) File \"<frozen importlib._bootstrap>\", line
696, in _load File \"<frozen importlib._bootstrap>\", line 677, in _load_unlocked File \"<frozen importlib._bootstrap_external>\",
line 728, in exec_module File \"<frozen importlib._bootstrap>\", line 219, in _call_with_frames_removed File \"/var/task/score.py\",
line 179, in <module> class ScoreService(Service): File \"/var/task/score.py\", line 180, in ScoreService  
; ent = _name_dob_list.match(\"first_name\", \"last_name\", \"2000-12-12\") File \"/var/task/lists.py\", line 449, in match
obj = BlockLists.match(self.name, attribs, self.params_meta) File \"/var/task/lists.py\", line 359, in match params_a
s_string) File \"/var/task/pynamodb/models.py\", line 485, in get hash_key, range_key = cls._serialize_keys(hash_key, range_k
ey) File \"/var/task/pynamodb/models.py\", line 1372, in _serialize_keys hash_key = cls._hash_key_attribute().serialize(hash_k
ey) File \"/var/task/pynamodb/models.py\", line 1219, in _hash_key_attribute hash_keyname = cls._get_meta_data().hash_keyname&n
bsp; File \"/var/task/pynamodb/models.py\", line 1262, in _get_meta_data cls._meta_table = MetaTable(cls._get_connection().describe_ta
ble()) File \"/var/task/pynamodb/connection/table.py\", line 263, in describe_table return self.connection.describe_table(self.t
able_name) File \"/var/task/pynamodb/connection/base.py\", line 659, in describe_table tbl = self.get_meta_table(table_name, ref
我已授予template.yaml文件中对db的完全访问权限。
LambdaFunction:
Type: AWS::Serverless::Function
Properties:
Handler: lambdaModule.lambda_handler
Events:
ScoreEvent:
Type: Api
Properties:
Path: /score
Method: POST
RestApiId: !Ref FraudScoreAPI
Policies:
- AmazonDynamoDBFullAccess
答案 0 :(得分:0)
不确定,但是我的第一个直觉是建议,一旦您离开处理程序,您将不再处于Lambda的执行上下文中,并且(通过堆栈)授予的任何权限都将不可见。我的建议是使插入逻辑成为一个函数,并从处理程序方法中调用该函数。