【Posted】: 2016-11-21 15:10:48
【Problem description】:
I am getting these errors when writing to AWS Dynamo from a lambda function. I think it has to do with how I have the roles associated.
message: 'User: arn:aws:sts::086883031465:assumed-role/lambda_basic_execution/awslambda_865_20160718210221776 is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings', code: 'AccessDeniedException', time: Mon Jul 18 2016 21:03:43 GMT+0000 (UTC), requestId: 'G0VU59A8FOA4NI0EMJSI6A50DRVV4KQNSO5AEMVJF66Q9ASUAAJG', statusCode: 400, retryable: false, retryDelay: 0 }
Here is my configuration
Lambda
Runtime - Node.js 4.3
Handler - index.handler
Role - Use an existing role
Existing Role - lambda_basic_execution
IAM
Role (created by me) - lambda_basic_execution
Policy attached to role - Accesstodynamo
InLine policies -
oneClick_lambda_basic_execution_1467010842260
oneClick_lambda_basic_execution_1467695976683
Accesstodynamo policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dynamodb:PutItem"
            ],
            "Resource": [
                "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "lambda:AddPermission",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "events:DeleteRule",
                "events:DisableRule",
                "events:EnableRule",
                "events:PutEvents",
                "events:PutRule",
                "events:PutTargets",
                "events:RemoveTargets",
                "events:ListTargetsByRule",
                "s3:GetObject",
                "iam:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
【Discussion】:
Tags: node.js amazon-web-services amazon-dynamodb aws-lambda amazon-iam
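
Added example, not part of the original post: a simplified Node.js check that evaluates the action and resource from the AccessDeniedException against the Accesstodynamo policy as posted. The helper names are hypothetical, the matcher covers only Effect, Action and Resource, and the two inline policies are not evaluated because the page does not show them.

```javascript
// Added example: a simplified matcher, not AWS's full policy evaluation logic.
// It handles only Effect, Action and Resource with * and ? wildcards.
const policy = { // Accesstodynamo, as posted in the question
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Resource: "arn:aws:logs:*:*:log-group:/aws/lambda/*",
      Action: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"] },
    { Effect: "Allow", Resource: ["arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"],
      Action: ["dynamodb:PutItem"] },
    { Effect: "Allow", Resource: "*",
      Action: ["lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction",
        "lambda:GetFunction", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration",
        "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutEvents",
        "events:PutRule", "events:PutTargets", "events:RemoveTargets",
        "events:ListTargetsByRule", "s3:GetObject", "iam:PassRole"] },
  ],
};
const asList = (v) => (Array.isArray(v) ? v : [v]);

// Turn an IAM pattern into an anchored RegExp; action names compare case-insensitively.
function globToRegExp(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", flags);
}
const matchesAny = (patterns, value, flags) =>
  asList(patterns).some((p) => globToRegExp(p, flags).test(value));

// Decide one request against one policy document (hypothetical helper).
function evaluate(doc, action, resource) {
  let allowedBy = null;
  for (const [i, st] of asList(doc.Statement).entries()) {
    if (!matchesAny(st.Action, action, "i") || !matchesAny(st.Resource, resource)) continue;
    if (st.Effect === "Deny") return { decision: "explicit deny", statement: i };
    allowedBy = i;
  }
  return allowedBy === null
    ? { decision: "implicit deny", statement: null }
    : { decision: "allow", statement: allowedBy };
}

// Resource patterns of Allow statements that name the action: shows a resource-only miss.
function resourcesGrantedFor(doc, action) {
  return asList(doc.Statement)
    .filter((st) => st.Effect === "Allow" && matchesAny(st.Action, action, "i"))
    .flatMap((st) => asList(st.Resource));
}

// Action and resource taken from the AccessDeniedException in the question.
const denied = "arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings";
console.log(evaluate(policy, "dynamodb:PutItem", denied));
console.log(resourcesGrantedFor(policy, "dynamodb:PutItem"));
```
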