Zac*_*scs 5 node.js aws-cloudformation amazon-dynamodb aws-lambda
我正在使用sam这样定义一个dynamodb表:
#DynamoTables
DevicesTable:
Type: AWS::DynamoDB::Table
Properties:
TableName: devices
AttributeDefinitions:
-
AttributeName: "id"
AttributeType: "S"
-
AttributeName: "customerId"
AttributeType: "S"
KeySchema:
-
AttributeName: "id"
KeyType: "HASH"
-
AttributeName: "customerId"
KeyType: "RANGE"
GlobalSecondaryIndexes:
-
IndexName: "customers"
KeySchema:
-
AttributeName: "customerId"
KeyType: "HASH"
Projection:
ProjectionType: "ALL"
ProvisionedThroughput:
ReadCapacityUnits: "5"
WriteCapacityUnits: "5"
ProvisionedThroughput:
ReadCapacityUnits: "5"
WriteCapacityUnits: "5"
我能够访问使用具有lambda函数表Properties: Policies: AmazonDynamoDBFullAccess的SAM和使用规定看跌PARAMS定义TableName: 'devices'中node。但是,当我尝试通过在索引上定义查询来查询索引时:
params = {
TableName: 'devices',
IndexName: 'customers'
// ...
}
我收到一条错误消息,指出 lambda 函数无权访问该索引:
AccessDeniedException:用户:用户:arn:aws:sts::::assumed-role/CodeStarWorker-Lambda/awscodestar-lambda-DeviceFunction 未被授权执行:dynamodb:资源查询:TABLEURL/devices/index/customers
任何人都知道我可以授予此访问权限或解决此问题以查询索引的方法吗?
更新:我认为 AmazonDynamoDBFullAccess 策略不会影响事情,当我将它从template.yml我仍然能够放入表中时仍然无法查询索引。我必须手动添加角色吗?
您的 lambda 可以访问 TABLEURL/devices 但不能访问 TABLEURL/devices/index/customers。
这是 aws 文档中关于如何允许访问数据库的所有索引的示例。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AccessAllIndexesOnBooks",
"Effect": "Allow",
"Action": [
"dynamodb:*"
],
"Resource": [
"arn:aws:dynamodb:us-west-2:123456789012:table/Books",
"arn:aws:dynamodb:us-west-2:123456789012:table/Books/index/*"
]
}
]
}
| 归档时间: |
|
| 查看次数: |
2910 次 |
| 最近记录: |