Lambda 和 DynamoDB:无权执行:dynamodb:Scan [英] Lambda and DynamoDB : is not authorized to perform: dynamodb:Scan
问题描述
我已经使用无服务器创建了我的 API,在我将我的 API 部署到 lambda 之后,我们尝试通过 GatewayAPI 中的测试"按钮测试端点,我收到错误:
I've created my API with serverless, after I deployed my API into lambda, and we I try to test the endpoint via the "Test" button in the GatewayAPI, I get the error:
用户:arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets 无权执行:dynamodb:Scan on资源:arn:aws:dynamodb:us-east-1:245912153055:table/Pets"
"User: arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:245912153055:table/Pets"
我可能需要向 Lambda 授予权限,但我有点迷茫......
I should probably need to give the permission to Lambda, but I'm a little bit lost ...
推荐答案
如前所述,您需要将权限添加到无服务器定义中.
As already stated, you need to add the permissions to your serverless definition.
有关此主题的文档非常广泛:无服务器 IAM 指南
The docs are quite extensive on this topic: serverless IAM guide
在您的情况下,您可能只需要向您的 serverless.yml 添加类似以下权限的内容.
In you case, you probably just need to add something like the following permission to your serverless.yml.
provider:
iamRoleStatements:
- Effect: "Allow"
Action:
- "dynamodb:Scan"
Resource: "arn:aws:dynamodb:us-east-1:245912153055:table/Pets"
这篇关于Lambda 和 DynamoDB:无权执行:dynamodb:Scan的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!