Question

我目前正在开发一个在AWS基础设施上运行的节点应用程序，该应用程序可以访问DynamoDB和SSM。

我对Node不够熟练，无法创建MVCE，但这些与我似乎相关：

const AWS = require('aws-sdk')
AWS.config.update({ region: 'eu-west-1' })
const ddb = new AWS.DynamoDB.DocumentClient()
const ssm = new AWS.SSM()

const ssmQueryParams = {
  Name: '/foo/bar/tablename',
  WithDecryption: true
}

let ssmQueryResult
ssmQueryResult = (await ssm.getParameter(ssmQueryParams).promise())

const tableName = ssmQueryResult.Parameter.Value

const ddbParams = {
  TableName: tableName,
  Key: {
    'foo_id': fooId
  }
}
const ddbQueryResult = (await ddb.get(ddbParams).promise())

因此，我想从SSM获取DynamoDB表名称。如果我删除了SSM部分，则代码有效。但是有了它，我得到了

{ Error: connect EHOSTUNREACH 169.123.123.123:80
    at TCPConnectWrap.afterConnect [as oncomplete] (net.js:1097:14)
  message: 'Missing credentials in config',
  errno: 'EHOSTUNREACH',
  code: 'CredentialsError',
  syscall: 'connect',
  address: '169.123.123.123',
  port: 80,
  time: 2019-06-25T12:34:02.909Z,
  originalError:
   { message: 'Could not load credentials from any providers',
     errno: 'EHOSTUNREACH',
     code: 'CredentialsError',
     syscall: 'connect',
     address: '169.123.123.123',
     port: 80,
     time: 2019-06-25T12:34:02.909Z,
     originalError:
      { errno: 'EHOSTUNREACH',
        code: 'EHOSTUNREACH',
        syscall: 'connect',
        address: '169.123.123.123',
        port: 80,
        message: 'connect EHOSTUNREACH 169.123.123.123:80' } } }

那为什么我可以访问DynamoDB上的数据，但是当我想从SSM中读取数据时，却收到了凭证错误？

编辑：不能将accessKeyId和secretAccessKey添加到AWS.config.update。

Answer 1

我忘了提供ARN

arn:aws:iam::aws:policy/AmazonSSMReadOnlyAccess

我给的时候

arn:aws:iam::aws:policy/AmazonDynamoDBReadOnlyAccess

为什么我可以访问DynamoDB，但不能访问SSM？

1 个答案: