I'm getting these errors when writing to AWS DynamoDB from a Lambda function. I think it's a problem with how I've linked up the roles.
message: 'User: arn:aws:sts::086883031465:assumed-role/lambda_basic_execution/awslambda_865_20160718210221776 is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings', code: "AccessDeniedException", time: Mon Jul 18 2016 21:03:43 GMT+0000 (UTC), requestId: "G0VU59A8FOA4NI0EMJSI6A50DRVV4KQNSO5AEMVJF66Q9ASUAAJG", statusCode: 400, retryable: false, retryDelay: 0}
Here is my configuration:
Lambda
Runtime - Node.js 4.3
Handler - index.handler
Role - Use an existing role
Existing Role - lambda_basic_execution
IAM
Role (created by me) - lambda_basic_execution
Policy attached to role - Accesstodynamo
Inline policies -
oneClick_lambda_basic_execution_1467010842260
oneClick_lambda_basic_execution_1467695976683
Accesstodynamo policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dynamodb:PutItem"
            ],
            "Resource": [
                "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "lambda:AddPermission",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "events:DeleteRule",
                "events:DisableRule",
                "events:EnableRule",
                "events:PutEvents",
                "events:PutRule",
                "events:PutTargets",
                "events:RemoveTargets",
                "events:ListTargetsByRule",
                "s3:GetObject",
                "iam:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}
Your policy only grants PutItem permission on the table EC2Scheduler-OptIn. You need to add a statement in it for the table DeviceReadings.
Change this section:
    "Resource": [
        "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
    ],
to this:
    "Resource": [
        "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn",
        "arn:aws:dynamodb:*:*:table/DeviceReadings"
    ],
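As an added illustration (not part of the question or the answer above), the following Python script checks a policy offline the way the answer reasons about it: it matches the requested action and the resource ARN from the error against each Allow statement using IAM wildcard semantics, and then applies the answer's fix. It is an assumption of this example that only Allow statements without Condition blocks need to be modelled; explicit Deny and conditions are not evaluated.

```python
import fnmatch
import json

# Constructed copy of the question's "Accesstodynamo" policy, reduced to the
# DynamoDB statement that matters (the logs/lambda/events statements grant
# no dynamodb:* action, so they cannot change the outcome).
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Action": ["dynamodb:PutItem"],
         "Resource": ["arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"],
         "Effect": "Allow"},
    ],
}

# The resource named in the AccessDeniedException from the question.
DENIED_ARN = "arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings"

def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, case_insensitive):
    """IAM wildcard match: '*' matches any run of characters, '?' one."""
    if case_insensitive:  # action names are case-insensitive, ARNs are not
        pattern, value = pattern.lower(), value.lower()
    return fnmatch.fnmatchcase(value, pattern)

def is_allowed(policy, action, resource_arn):
    """True if some Allow statement covers both the action and the resource.
    Assumption: Deny statements and Condition blocks are not modelled."""
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow" or "Condition" in stmt:
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        if any(_matches(a, action, True) for a in actions) and \
           any(_matches(r, resource_arn, False) for r in resources):
            return True
    return False

def with_table_added(policy, table_arn):
    """Return a copy of the policy with table_arn appended to the Resource
    list of every Allow statement that grants dynamodb actions (the fix)."""
    fixed = json.loads(json.dumps(policy))  # deep copy, original untouched
    for stmt in fixed["Statement"]:
        actions = _as_list(stmt.get("Action", []))
        if stmt.get("Effect") == "Allow" and any(
                a.lower().startswith("dynamodb:") for a in actions):
            resources = _as_list(stmt.get("Resource", []))
            if table_arn not in resources:
                stmt["Resource"] = resources + [table_arn]
    return fixed
```

Running is_allowed on ORIGINAL_POLICY with DENIED_ARN reproduces the denial; the same call on with_table_added(ORIGINAL_POLICY, "arn:aws:dynamodb:*:*:table/DeviceReadings") succeeds, while unrelated actions such as dynamodb:GetItem stay denied.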