Cognito & DynamoDB: "not authorized to perform: dynamodb:UpdateItem on resource"


Problem description

After following exactly the "Getting started" guide for Amazon DynamoDB on Android, I end up with all the right tables created, role policies, etc. and that code:

CognitoCachingCredentialsProvider credentialsProvider = new CognitoCachingCredentialsProvider(
        getApplicationContext(),
        "eu-west-1:01234567-abcd-8901-efab-234567890123", // Identity Pool ID
        Regions.EU_WEST_1 // Region
);

AmazonDynamoDBClient ddbClient = new AmazonDynamoDBClient(credentialsProvider);
final DynamoDBMapper mapper = new DynamoDBMapper(ddbClient);

final Book book = new Book("My new book"); // Simplified version of Book
new Thread(new Runnable() {
    @Override
    public void run() {
        mapper.save(book);
        Log.v("Sync", "Book saved!");
    }
}).start();

Important note, the biggest (but unnoticeable) difference with the tutorial is that I'm based in Europe so my region is eu-west-1 (Ireland).

And yet, having followed everything correctly, I get the following error:

com.amazonaws.AmazonServiceException: User: arn:aws:sts::012345678901:assumed-role/Cognito_BookUnauth_Role/CognitoIdentityCredentials is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:012345678901:table/Books (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: 05OLSSM8F8EN15SO0JD8VELCNNVV4KQNSO5AEMVJF66Q9ASUAAJG)
    at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:709)
    at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:385)
    at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:196)
    at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:3257)
    at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.updateItem(AmazonDynamoDBClient.java:965)
    at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper$SaveObjectHandler.doUpdateItem(DynamoDBMapper.java:1173)
    at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper$2.executeLowLevelRequest(DynamoDBMapper.java:873)
    at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper$SaveObjectHandler.execute(DynamoDBMapper.java:1056)
    at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.save(DynamoDBMapper.java:904)
    at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.save(DynamoDBMapper.java:688)
    at com.davidferrand.books$4.run(MainActivity.java:136)
    at java.lang.Thread.run(Thread.java:818)


Recommended answer

This "bug" is tricky and it took me hours to solve it. The guide assumes that you are in the us-east-1 region, and that's also the default endpoint of the AmazonDynamoDBClient you create.

As soon as you have your database in a different region, you must explicitly specify the region when you create your AmazonDynamoDBClient.

The best way is:

AmazonDynamoDBClient ddbClient = Region.getRegion(Regions.EU_WEST_1) // CRUCIAL
    .createClient(
        AmazonDynamoDBClient.class,
        credentialsProvider,
        new ClientConfiguration()
    );
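
As an added example (not part of the original question or answer), the check below parses the AccessDeniedException message and compares the region in the denied resource ARN with the region prefix of the Cognito identity pool ID. The class and method names are hypothetical, and it assumes the table lives in the same region as the identity pool, as in the question.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example: triage an IAM access-denied message for a region mismatch. */
public class RegionMismatchCheck {

    // Matches "User: <principal> is not authorized to perform: <action> on resource: <arn>"
    private static final Pattern DENIED = Pattern.compile(
        "User: (\\S+) is not authorized to perform: (\\S+) on resource: (arn:[^\\s()]+)");

    /** Region field of an ARN (arn:partition:service:region:account:resource). */
    static String arnRegion(String arn) {
        String[] parts = arn.split(":", 6);
        if (parts.length < 6) throw new IllegalArgumentException("not an ARN: " + arn);
        return parts[3];
    }

    /** Region prefix of a Cognito identity pool ID, e.g. "eu-west-1:0123..." gives "eu-west-1". */
    static String poolRegion(String identityPoolId) {
        int i = identityPoolId.indexOf(':');
        if (i <= 0) throw new IllegalArgumentException("unexpected pool ID format");
        return identityPoolId.substring(0, i);
    }

    /** Returns a one-line diagnosis, or null if the text is not an access-denied message. */
    static String diagnose(String errorMessage, String expectedRegion) {
        Matcher m = DENIED.matcher(errorMessage);
        if (!m.find()) return null;
        String action = m.group(2);
        String requested = arnRegion(m.group(3));
        if (!requested.equals(expectedRegion)) {
            return "REGION MISMATCH: " + action + " was sent to " + requested
                + " but the table is expected in " + expectedRegion
                + "; set the region on the client";
        }
        return "Region matches (" + requested + "); check that the role policy allows "
            + action + " on " + m.group(3);
    }

    public static void main(String[] args) {
        // Values copied from the question; the trailing "(Service: ...)" part is shortened here.
        String poolId = "eu-west-1:01234567-abcd-8901-efab-234567890123";
        String msg = "User: arn:aws:sts::012345678901:assumed-role/Cognito_BookUnauth_Role/"
            + "CognitoIdentityCredentials is not authorized to perform: dynamodb:UpdateItem "
            + "on resource: arn:aws:dynamodb:us-east-1:012345678901:table/Books (Service: ...)";
        System.out.println(diagnose(msg, poolRegion(poolId)));
    }
}
```

Run against the error from the question, this reports a mismatch between us-east-1 (where the request went) and eu-west-1 (the identity pool's region).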
