Lambda and DynamoDB : is not authorized to perform: dynamodb:Scan

耗尽温柔 submitted on 2020-12-29 09:22:31

Question


I've created my API with serverless. After I deployed my API into Lambda, when I try to test the endpoint via the "Test" button in the GatewayAPI, I get the error:

"User: arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:245912153055:table/Pets"

I probably need to give the permission to Lambda, but I'm a little bit lost ...


Answer 1:


As already stated, you need to add the permissions to your serverless definition.

The docs are quite extensive on this topic: serverless IAM guide

In your case, you probably just need to add something like the following permission to your serverless.yml.

provider:
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "dynamodb:Scan"
       Resource: "arn:aws:dynamodb:us-east-1:245912153055:table/Pets"
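
An added example, not part of the original answer or of the Serverless Framework: a Python check that parses the denial message from the question, tests it against `iamRoleStatements`-style statements, and builds the narrowest Allow statement for it. The helper names are hypothetical, the sample statements are constructed, and only identity-policy Allow/Deny matching is modelled (no conditions, permission boundaries or SCPs).

```python
import re

# Constructed from the error text quoted in the question.
ERROR = ('User: arn:aws:sts::245912153055:assumed-role/'
         'pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets '
         'is not authorized to perform: dynamodb:Scan on resource: '
         'arn:aws:dynamodb:us-east-1:245912153055:table/Pets')
DENIED = re.compile(r'User: (?P<principal>\S+) is not authorized to perform: '
                    r'(?P<action>[\w-]+:\w+) on resource: (?P<resource>\S+)')


def parse_denial(message):
    """Return principal, action and resource from an IAM denial message."""
    m = DENIED.search(message)
    if m is None:
        raise ValueError('not an IAM authorization error')
    return m.groupdict()


def _glob(pattern, value, ignore_case=False):
    # IAM policy wildcards: '*' matches any run of characters, '?' exactly one.
    rx = ''.join('.*' if c == '*' else '.' if c == '?' else re.escape(c)
                 for c in pattern)
    flags = re.S | (re.I if ignore_case else 0)
    return re.fullmatch(rx, value, flags) is not None


def statement_matches(stmt, action, resource):
    # Action and Resource may each be a single string or a list of strings.
    as_list = lambda v: v if isinstance(v, list) else [v]
    return (any(_glob(a, action, True) for a in as_list(stmt['Action']))
            and any(_glob(r, resource) for r in as_list(stmt['Resource'])))


def is_allowed(statements, action, resource):
    """Explicit Deny wins; otherwise at least one matching Allow is required."""
    hits = [s['Effect'] for s in statements
            if statement_matches(s, action, resource)]
    return 'Deny' not in hits and 'Allow' in hits


def minimal_statement(denial):
    """The narrowest Allow statement that covers the denied call."""
    return {'Effect': 'Allow', 'Action': [denial['action']],
            'Resource': denial['resource']}
```

Comparing the result of `minimal_statement` with a statement such as `Action: "dynamodb:*"` on `Resource: "*"` shows how much extra access the broader form would hand to the function's role.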



Answer 2:


I am a bit late to the party but it could still help someone to know that currently (March 2019) there seems to be a problem using nodejs vs 8.10 when creating your lambda. Adding all the necessary permissions still causes the above-mentioned error. An easy fix is to use a lower nodejs version for now. Let's hope that issue gets fixed asap.



Source: https://stackoverflow.com/questions/42602798/lambda-and-dynamodb-is-not-authorized-to-perform-dynamodbscan
