node.js AWS DynamoDB 问题:用户无权执行:dynamodb:PutItem on resource
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/34784804/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
AWS DynamoDB Issue: User is not authorized to perform: dynamodb:PutItem on resource
提问by Tirath Shah
I am trying to access DynamoDB from my Node app deployed on AWS ElasticBeanStalk. I am getting an error
我正在尝试从部署在 AWS ElasticBeanStalk 上的 Node 应用程序访问 DynamoDB。我收到一个错误
"User is not authorized to perform: dynamodb:PutItem on resource"
“用户无权执行:dynamodb:资源上的PutItem”
It works perfectly fine locally, only when I deploy to the AWS it stops performing.
它在本地工作得很好,只有当我部署到 AWS 时它才停止执行。
Anyone knows the fix? Thanks in advance!
有谁知道修复吗?提前致谢!
回答by Abhimanu Kumar
The dynamoDB access denied is generally a Policy issue. Check the IAM/Role policies that you are using. A quick check is to add
dynamoDB 访问被拒绝通常是一个策略问题。检查您正在使用的 IAM/角色策略。快速检查是添加
AmazonDynamoDBFullAccess
policy in your role by going to "Permissions" tab in AWS console. If it works after that then it means you need to create a right access policy and attach it to your role.
通过转到 AWS 控制台中的“权限”选项卡,您的角色中的策略。如果在那之后它有效,则意味着您需要创建正确的访问策略并将其附加到您的角色。
回答by smcstewart
Check the access key you are using to connect to DynamoDB in your Node app on AWS. This access key will belong to a user that does not have the necessary privileges in IAM. So, find the IAM user, create or update an appropriate policy and you should be good.
检查您在 AWS 上的 Node 应用程序中用于连接到 DynamoDB 的访问密钥。此访问密钥将属于在 IAM 中没有必要权限的用户。因此,找到 IAM 用户,创建或更新适当的策略,您应该会很好。
For Beanstalk you need to setup user policies when you publish. Check out the official docs here.
对于 Beanstalk,您需要在发布时设置用户策略。在此处查看官方文档。
And check out the example from here too, courtesy of @Tirath Shah.
回答by Adiii
Answer already is given but this is the best practice to use policy for your AWS user or role.
答案已经给出,但这是为您的 AWS 用户或角色使用策略的最佳实践。
To Get object only from particular Table
仅从特定表中获取对象
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:GetItem"
],
"Resource": "arn:aws:dynamodb:us-west-2:<account_number>:table/dev-panels"
}
]
}
To Verify
验证
aws dynamodb describe-table --table-name dev-panels
To put Object
放置对象
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:PutItem"
],
"Resource": "arn:aws:dynamodb:us-west-2:<account_number>:table/dev-panels"
}
]
}
To Allow All action on one table.
允许对一张桌子进行所有操作。
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllAPIActionsOnBooks",
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/<youtable_name>"
}
]
}
To verify role or user
验证角色或用户
aws dynamodb put-item --table-name dev-panels --item file://user.json --return-consumed-capacity TOTAL
user.json
用户.json
{
"Name": {"S": "adiii"},
}
