
Role/permission problem when writing from AWS Lambda to AWS DynamoDB


I am getting these errors when writing to AWS Dynamo from a lambda function. I think it is how I have linked up the roles.

message: 'User: arn:aws:sts::086883031465:assume-role/lambda_basic_execution/awslambda_865_20160718210221776 is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings', code: 'AccessDeniedException', time: Mon Jul 18 2016 21:03:43 GMT+0000 (UTC), requestId: 'G0VU59A8FOA4NI0EMJSI6A50DRVV4KQNSO5AEMVJF66Q9ASUAAJG', statusCode: 400, retryable: false, retryDelay: 0 }

Here is my configuration

Lambda
Runtime - Node.js 4.3
Handler - index.handler
Role - Use an existing role
Existing Role - lambda_basic_execution

IAM
Role (created by me) - lambda_basic_execution
Policy attached to role - Accesstodynamo
Inline policies -
  oneClick_lambda_basic_execution_1467010842260
  oneClick_lambda_basic_execution_1467695976683 

Accesstodynamo policy
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "dynamodb:PutItem"
            ],
            "Resource": [
                "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "lambda:AddPermission",
                "lambda:CreateFunction",
                "lambda:DeleteFunction",
                "lambda:GetFunction",
                "lambda:UpdateFunctionCode",
                "lambda:UpdateFunctionConfiguration",
                "events:DeleteRule",
                "events:DisableRule",
                "events:EnableRule",
                "events:PutEvents",
                "events:PutRule",
                "events:PutTargets",
                "events:RemoveTargets",
                "events:ListTargetsByRule",
                "s3:GetObject",
                "iam:PassRole"
            ],
            "Resource": "*",
            "Effect": "Allow"
        }
    ]
}

1 Answer

  • 1

    Your policy only grants PutItem on the table EC2Scheduler-OptIn. You need to add a statement there for the table DeviceReadings.

    Change this part:

    "Resource": [
        "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
    ],

    to this:

    "Resource": [
        "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn",
        "arn:aws:dynamodb:*:*:table/DeviceReadings"
    ],
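The AccessDeniedException in the question is IAM's implicit deny: no statement in the role's policy names the DeviceReadings table, so the PutItem call is refused even though the action itself is allowed for another table. The following Python script is an added example, not code from the question or the answer. It models the relevant statements of the question's policy as a dictionary, evaluates a request with a deliberately simplified IAM evaluator (Allow/Deny, `*`/`?` wildcards, explicit deny wins; Condition, NotAction/NotResource, resource policies, permissions boundaries and SCPs are ignored), and shows that adding the table ARN flips the decision. The account id and region are taken from the error message; scoping the added ARN to them instead of `*:*` is a least-privilege choice made here, not something the answer prescribes.

```python
"""Offline check of what an IAM policy document grants to a DynamoDB table.

Added example. The evaluator is a simplified model of IAM: a result of
"allowed" here is necessary but not sufficient for real AWS access, because
Condition keys, NotAction/NotResource, resource-based policies, permissions
boundaries and SCPs are not modelled.
"""
import fnmatch
import json

# Values as they appear in the question's error message.
ACCOUNT = "086883031465"
REGION = "us-west-2"

# The question's policy reduced to the two statements that matter here.
QUESTION_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["logs:CreateLogGroup", "logs:CreateLogStream",
                       "logs:PutLogEvents"],
            "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*",
        },
        {
            "Effect": "Allow",
            "Action": ["dynamodb:PutItem"],
            "Resource": ["arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"],
        },
    ],
}


def _as_list(value):
    """IAM allows Action/Resource to be a string or a list; normalise."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, candidate):
    """IAM wildcards: '*' matches any run of characters (including ':' and
    '/'), '?' matches exactly one. Neither ARNs nor action names contain
    '[', so fnmatch's character classes cannot interfere."""
    return fnmatch.fnmatchcase(candidate, pattern)


def evaluate(policy, action, resource):
    """Return 'allowed', 'explicit_deny' or 'implicit_deny' for one request."""
    decision = "implicit_deny"          # default when nothing matches
    for stmt in _as_list(policy.get("Statement")):
        # Action names are case-insensitive; resource ARNs are not.
        action_hit = any(_matches(a.lower(), action.lower())
                         for a in _as_list(stmt.get("Action")))
        resource_hit = any(_matches(r, resource)
                           for r in _as_list(stmt.get("Resource")))
        if not (action_hit and resource_hit):
            continue
        if stmt.get("Effect") == "Deny":
            return "explicit_deny"      # a matching Deny wins outright
        if stmt.get("Effect") == "Allow":
            decision = "allowed"
    return decision


def table_arn(name, region=REGION, account=ACCOUNT):
    """Build a fully scoped DynamoDB table ARN."""
    return f"arn:aws:dynamodb:{region}:{account}:table/{name}"


def with_table_access(policy, table_name):
    """Return a copy of the policy whose dynamodb:PutItem statement also
    names the given table, scoped to this account and region."""
    fixed = json.loads(json.dumps(policy))      # deep copy, leave input alone
    for stmt in fixed["Statement"]:
        if "dynamodb:PutItem" in _as_list(stmt.get("Action")):
            stmt["Resource"] = _as_list(stmt["Resource"]) + [table_arn(table_name)]
    return fixed


if __name__ == "__main__":
    target = table_arn("DeviceReadings")
    print("before fix:", evaluate(QUESTION_POLICY, "dynamodb:PutItem", target))
    fixed = with_table_access(QUESTION_POLICY, "DeviceReadings")
    print("after fix: ", evaluate(fixed, "dynamodb:PutItem", target))
    print(json.dumps(fixed["Statement"][1], indent=4))
```

Run it and the first line prints `implicit_deny`, the second `allowed`. Against a real account the same question is answered authoritatively by the IAM policy simulator, e.g. `aws iam simulate-principal-policy --policy-source-arn <role ARN> --action-names dynamodb:PutItem --resource-arns <table ARN>`, which does take conditions, boundaries and SCPs into account.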
    
