【发布时间】:2021-01-12 07:41:39
【问题描述】:
当我尝试将_item() 放入 DynamoDB 时,AWS Lambda 函数中出现此错误。
c_table.put_item(Item={"id": result['conn_id'], "username": payload.get("username"), "created": datetime.utcnow().isoformat()})
WSConnectionTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: my_table_name
AttributeDefinitions:
- AttributeName: id
AttributeType: S
KeySchema:
- AttributeName: id
KeyType: HASH
BillingMode: PAY_PER_REQUEST
StreamSpecification:
StreamViewType: NEW_AND_OLD_IMAGES
ConnectFunction:
Type: AWS::Serverless::Function
Properties:
FunctionName: !Sub ${AWS::StackName}-ConnectFunction
Description: !Sub
- Stack ${StackTagName} Environment ${EnvironmentTagName} Function ${ResourceName}
- ResourceName: ConnectFunction
CodeUri: sources
Handler: handlers.connection
Runtime: python3.7
MemorySize: 3008
Timeout: 30
Tracing: Active
Policies:
- AWSXRayDaemonWriteAccess
- DynamoDBCrudPolicy:
TableName: !Ref WSConnectionTable
Environment:
Variables:
TABLE_NAME: !Ref WSConnectionTable
TABLE_ARN: !GetAtt WSConnectionTable.Arn
一切正常,希望在 WS 连接之后,我想将连接 ID 保存到 DB,并且对 put_item() 的调用失败并出现以下错误:
[ERROR] ClientError: An error occurred (AccessDeniedException) when calling the PutItem operation: User: arn:aws:sts::74xxxxxxx:assumed-role/websocket-dev-ConnectFunctionRole-1PCCYG1DTLQYW/websocket-dev-ConnectFunction is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-2:74xxxxxxx:table/my_table_name_dev
我将不胜感激有关如何解决此问题的任何线索
【问题讨论】:
标签: amazon-web-services aws-lambda yaml amazon-cloudformation