我正尝试在本地使用运行时node.js的SAM模板运行一个新创建的lambda函数。我有以下内容:
a( aws帐户的区域,accessKeyId&secretAccessKeyb( aws-cli、aws-sam、docker
使用sam local invoke在本地运行lambda函数是可以的,但问题是当我在函数中连接到dynordb时,出现了以下错误。
{"message":"User: arn:aws:iam::*********:user/test.user is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:us-west-2:********:table/my_table with an explicit deny","code":"AccessDeniedException","time":"2020-08-30T07:45:51.678Z","requestId":"7SIBTHTKDSSDJNSTLNUSSBHDNDHBSMVJF66Q9ASUAAJG","statusCode":400,"retryable":false,"retryDelay":40.84164538820391}
我有权访问aws帐户,并有accessKeyId&secretAccessKey,并能够在aws控制台上进行查询。在vscode编辑器中,安装了aws工具包并添加了凭据,但我仍然在本地遇到同样的错误。
有人能帮我解决这个问题吗?因为我正处于寻找解决方案的困难境地。这是我的代码片段。
let response;
const AWS = require('aws-sdk');
AWS.config.update({
region: "us-west-2",
accessKeyId: '************',
secretAccessKey: '********************'
});
const dbClient = new AWS.DynamoDB.DocumentClient();
exports.lambdaHandler = async (event, context) => {
try {
let myTable = await getData(event.myId);
response = {
'statusCode': 200,
'body': JSON.stringify({
message: myTable
})
}
} catch (err) {
console.log(err);
return err;
}
return response
};
const MY_TABLE_NAME = "my_table";
const getData = async (myId) => {
const params = {
TableName: MY_TABLE_NAME ,
KeyConditionExpression: "#uid = :id",
ExpressionAttributeValues: {
':id': myId
},
ExpressionAttributeNames: {
'#uid': 'userID'
}
};
let { Count, Items } = await dbClient.query(params).promise();
if (Items.length == 0) {
return false;
} else {
var obj = {
Name: (Count > 0) ? Items[0].name : null,
MY_TABLE: MY_TABLE
};
return obj;
}
};
template.yaml
Resources:
HelloWorldFunction:
Type: AWS::Serverless::Function # More info
Properties:
CodeUri: hello-world/
Handler: app.lambdaHandler
Runtime: nodejs12.x
Policies: AmazonDynamoDBFullAccess
Events:
HelloWorld:
Type: Api # More info
Properties:
Path: /hello
Method: get
如有任何帮助,我们将不胜感激。提前谢谢。
我得到用户未授权错误的原因是因为我没有编程访问权限,只被授权访问aws控制台。
感谢