我正在尝试运行一个在DynamoDB中创建表的脚本。创建第一个表就很好,但是第二个表遇到了权限问题,这似乎与IAM有关。
这是一个python安全工具,需要进行初始设置,其中一部分正在创建两个DynamoDB表。我可以很好地创建第一个表,但是遇到第二个表的问题。
用户角色具有广泛的AWS权限,所以我看不出这是个问题。
需要安装Python3.7.3版本。
Traceback (most recent call last):
File "argos_config_setup.py", line 28, in check_account_table
response = client.describe_table(TableName=argos_account_table)
File "/Users/generic_user/.virtualenvs/myvenv/lib/python3.7/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/generic_user/.virtualenvs/myvenv/lib/python3.7/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.ResourceNotFoundException: An error occurred (ResourceNotFoundException) when calling the DescribeTable operation: Requested resource not found: Table: argos_accounts not found
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "argos_config_setup.py", line 240, in <module>
check_account_table()
File "argos_config_setup.py", line 34, in check_account_table
create_account_table(argos_account_table)
File "argos_config_setup.py", line 103, in create_account_table
for accounts_itr in account_iterator:
File "/Users/generic_user/.virtualenvs/myvenv/lib/python3.7/site-packages/botocore/paginate.py", line 255, in __iter__
response = self._make_request(current_kwargs)
File "/Users/generic_user/.virtualenvs/myvenv/lib/python3.7/site-packages/botocore/paginate.py", line 332, in _make_request
return self._method(**current_kwargs)
File "/Users/generic_user/.virtualenvs/myvenv/lib/python3.7/site-packages/botocore/client.py", line 357, in _api_call
return self._make_api_call(operation_name, kwargs)
File "/Users/generic_user/.virtualenvs/myvenv/lib/python3.7/site-packages/botocore/client.py", line 661, in _make_api_call
raise error_class(parsed_response, operation_name)
botocore.errorfactory.AccessDeniedException: An error occurred (AccessDeniedException) when calling the ListAccounts operation: You don't have permissions to access this resource.
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "*",
"Resource": "*"
}
]
}
应该创建第二个dynamoDB表。
下面是create_account_table函数
org_client = boto3.client('organizations')
paginator = org_client.get_paginator('list_accounts')
account_iterator = paginator.paginate()
accounts = []
for accounts_itr in account_iterator:
for account in accounts_itr['Accounts']:
accounts.append({'id': account['Id'], 'name': account['Name'], 'email': account['Email'],
'environment': ''})
dynamodb_client = boto3.client('dynamodb')
dynamodb_client.create_table(
AttributeDefinitions=[
{
"AttributeName": "id",
"AttributeType": "S"
}
],
TableName=argos_account_table,
KeySchema=[
{
"AttributeName": "id",
"KeyType": "HASH"
}
],
BillingMode='PAY_PER_REQUEST'
)
dynamodb_resource = boto3.resource('dynamodb')
table = dynamodb_resource.Table(argos_account_table)
with table.batch_writer() as batch:
for account in accounts:
batch.put_item(
Item={
'id': account['id'],
'name': account['name'],
'email': account['email'],
'environment': account['environment'],
}
)
答案 0 :(得分:2)
没有看到如何创建表,我只能告诉你两件事:
您遇到的第一个错误是因为您试图描述一个找不到的表(404错误)
在尝试处理未找到的表错误时,您的代码似乎尝试了ListAccounts调用,该调用取决于您拥有的AWS Organization设置。看来您的用户也没有ListAccounts权限。
您能否张贴一个尝试创建表的代码段,因为在这里我们只能看到您进行了describeTable调用,而不是createTable。