Lambda 和 DynamoDB:无权执行:dynamodb:Scan [英] Lambda and DynamoDB : is not authorized to perform: dynamodb:Scan

问题描述

我已经使用无服务器创建了我的 API，在我将我的 API 部署到 lambda 之后，我们尝试通过 GatewayAPI 中的测试"按钮测试端点，我收到错误:

I've created my API with serverless, after I deployed my API into lambda, and we I try to test the endpoint via the "Test" button in the GatewayAPI, I get the error:

用户:arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets 无权执行:dynamodb:Scan on资源:arn:aws:dynamodb:us-east-1:245912153055:table/Pets"

"User: arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:245912153055:table/Pets"

我可能需要向 Lambda 授予权限，但我有点迷茫......

I should probably need to give the permission to Lambda, but I'm a little bit lost ...

推荐答案

如前所述，您需要将权限添加到无服务器定义中.

As already stated, you need to add the permissions to your serverless definition.

有关此主题的文档非常广泛:无服务器 IAM 指南

The docs are quite extensive on this topic: serverless IAM guide

在您的情况下，您可能只需要向您的 serverless.yml 添加类似以下权限的内容.

In you case, you probably just need to add something like the following permission to your serverless.yml.

provider:
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "dynamodb:Scan"
       Resource: "arn:aws:dynamodb:us-east-1:245912153055:table/Pets"

这篇关于Lambda 和 DynamoDB:无权执行:dynamodb:Scan的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！