AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException [英] AmazonServiceException: User is not authorized to perform: dynamodb:DescribeTable Status Code: 400; Error Code: AccessDeniedException
问题描述
我原本以为这个问题是由于区域不匹配造成的,但是在更改区域后,我在尝试此处找到的 Amazon AWS 示例时仍然遇到以下错误:
I had originally thought that this issue was due to mismatching regions, but after changing the region, I'm still coming across the following error when trying out an Amazon AWS sample found here:
AmazonServiceException: User: arn:aws:sts::[My Account
ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession
is not authorized to perform: dynamodb:DescribeTable on resource:
arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service:
AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException;
Request ID: BBFTS0Q8UHTMG120IORC2KSASVVV4KQNSO5AEMVJF66Q9ASUAAJG)
一切都或多或少相同,我唯一更改的是将 DBclient 区域更改为 US_EAST_1,我的测试表在其中托管并修改使用Amazon Cognito 入门代码"页面中的信息生成的常量文件,该页面是按照 Cognito 入门文档生成的.
Everything is more or less the same, the only things I've changed have been changing the DBclient region to US_EAST_1, where my test table is hosted and modifying the Constants file using the info from the 'Amazon Cognito Starter Code' page that is generated through following the Cognito get started documentation.
对于我的 Cognito_AndroidAppUnauth_DefaultRole 角色策略,我修改了默认的移动分析和同步服务权限,使其还包括对所有表(无论是否存在)的所有操作的访问:
For my Cognito_AndroidAppUnauth_DefaultRole role policy I modified the default mobile analytics and sync service permission to also include access of all actions on all tables, existing or not:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CognitoPolicy",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Sid": "DynamoDBPolicy",
"Effect": "Allow",
"Action": [
"dynamodb: *"
],
"Resource": "*"
}
]
}
那么为什么它声称在使用正确的区域时它没有权限并且 Unauth 策略应该允许表访问?
So why is it claiming that it doesn't have permission when the correct region is used and the Unauth policy should allow for table access?
调用 DynamoDB 资源(创建表)上的方法时的 Stacktrace,它是否有用
Stacktrace when calling a method on the DynamoDB resource (create table), should it prove useful
com.amazonaws.AmazonServiceException: User: arn:aws:sts::[My Account ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: SDELNSMLO10EV7CM2STC1R9RU3VV4KQNSO5AEMVJF66Q9ASUAAJG)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(Unknown Source)
at com.amazonaws.http.AmazonHttpClient.executeHelper(Unknown Source)
at com.amazonaws.http.AmazonHttpClient.execute(Unknown Source)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(Unknown Source)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.createTable(Unknown Source)
at com.amazonaws.demo.userpreferencesom.DynamoDBManager.createTable(DynamoDBManager.java:72)
at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:99)
at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:85)
at android.os.AsyncTask$2.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:841)
推荐答案
与亚马逊工程师合作,发现问题出在策略配置中:
Worked with an Amazon engineer and it turns out the problem was in the policy configuration:
"dynamodb: *"
应该是
"dynamodb:*"
一个空间能做什么真是太神奇了.
It's amazing what a space can do.
这篇关于AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
