AmazonServiceException:用户无权执行:dynamodb:DescribeTable状态码:400;错误代码:AccessDeniedException [英] AmazonServiceException: User is not authorized to perform: dynamodb:DescribeTable Status Code: 400; Error Code: AccessDeniedException
问题描述
我本来以为这个问题是由于地区不匹配引起的,但是在更改地区之后,尝试在这里找到Amazon AWS示例时,仍然遇到以下错误:
I had originally thought that this issue was due to mismatching regions, but after changing the region, I'm still coming across the following error when trying out an Amazon AWS sample found here:
AmazonServiceException: User: arn:aws:sts::[My Account
ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession
is not authorized to perform: dynamodb:DescribeTable on resource:
arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service:
AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException;
Request ID: BBFTS0Q8UHTMG120IORC2KSASVVV4KQNSO5AEMVJF66Q9ASUAAJG)
一切大体相同,我所做的唯一更改就是将 DBclient
区域更改为 US_EAST_1
,可以使用 Amazon Cognito入门代码页面中的信息托管并修改Constants文件,该页面是通过遵循Cognito入门文档生成的。
Everything is more or less the same, the only things I've changed have been changing the DBclient
region to US_EAST_1
, where my test table is hosted and modifying the Constants file using the info from the 'Amazon Cognito Starter Code' page that is generated through following the Cognito get started documentation.
对于我的 Cognito_AndroidAppUnauth_DefaultRole
角色策略,我修改了默认的移动分析和同步服务权限,以包括对所有表的所有操作的访问,无论是否存在:
For my Cognito_AndroidAppUnauth_DefaultRole
role policy I modified the default mobile analytics and sync service permission to also include access of all actions on all tables, existing or not:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CognitoPolicy",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Sid": "DynamoDBPolicy",
"Effect": "Allow",
"Action": [
"dynamodb: *"
],
"Resource": "*"
}
]
}
为什么它声称当使用正确的区域并且Unauth策略应该允许表访问时,它没有权限?
So why is it claiming that it doesn't have permission when the correct region is used and the Unauth policy should allow for table access?
编辑:在DynamoDB资源上调用方法时,堆栈跟踪(创建表),
Stacktrace when calling a method on the DynamoDB resource (create table), should it prove useful
com.amazonaws.AmazonServiceException: User: arn:aws:sts::[My Account ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: SDELNSMLO10EV7CM2STC1R9RU3VV4KQNSO5AEMVJF66Q9ASUAAJG)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(Unknown Source)
at com.amazonaws.http.AmazonHttpClient.executeHelper(Unknown Source)
at com.amazonaws.http.AmazonHttpClient.execute(Unknown Source)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(Unknown Source)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.createTable(Unknown Source)
at com.amazonaws.demo.userpreferencesom.DynamoDBManager.createTable(DynamoDBManager.java:72)
at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:99)
at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:85)
at android.os.AsyncTask$2.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:841)
推荐答案
与一位Amazon工程师一起工作,结果发现问题出在策略配置中:
Worked with an Amazon engineer and it turns out the problem was in the policy configuration:
"dynamodb: *"
应该是
"dynamodb:*"
一个空间可以做什么令人惊讶。
It's amazing what a space can do.
这篇关于AmazonServiceException:用户无权执行:dynamodb:DescribeTable状态码:400;错误代码:AccessDeniedException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!