在dynamodb配置和连接尝试时,我遇到了一个amazondynamodb异常。配置代码如下所示:
@AllArgsConstructor
@Configuration
public class AWSDynamoDBConfig {
private final String accessKey;
private final String secretKey;
private final String roleArn;
public AWSDynamoDBConfig() throws IOException {
Properties properties = readProperties("common", "aws.properties");
accessKey = properties.getProperty("aws.accessKey");
secretKey = properties.getProperty("aws.secretKey");
roleArn = properties.getProperty("aws.roleArn");
}
public AssumeRoleRequest roleRequest() {
return new AssumeRoleRequest().withRoleArn(roleArn);
}
@Bean
public AmazonDynamoDB amazonDynamoDB() {
return AmazonDynamoDBClientBuilder
.standard()
.withRegion(Regions.EU_WEST_1)
.withCredentials(amazonAWSCredentialProvider())
.build();
}
@Bean
public AWSCredentials amazonAWSCredential() {
return new BasicAWSCredentials(accessKey, secretKey);
}
@Bean
public DynamoDBMapperConfig dynamoDBMapperConfig() {
return DynamoDBMapperConfig.DEFAULT;
}
@Bean
public DynamoDBMapper dynamoDBMapper(AmazonDynamoDB amazonDynamoDB, DynamoDBMapperConfig config) {
return new DynamoDBMapper(amazonDynamoDB, config);
}
@Bean
public DynamoDB dynamoDB() {
return new DynamoDB(amazonDynamoDB());
}
public AWSCredentialsProvider amazonAWSCredentialProvider() {
return new AWSStaticCredentialsProvider(amazonAWSCredential());
}
}
方法调用时产生错误 listTables
```
public void listMyTables() {
TableCollection tables = awsDynamoDBConfig.dynamoDB().listTables();
Iterator iterator = tables.iterator();
log.info("Listing tables from DynamoDB instance");
while (iterator.hasNext()) {
Table table = iterator.next();
log.info("Table name: " + table.getTableName());
}
}
com.amazonaws.services.dynamodbv2.model.amazondynamodbexception:用户:arn:aws:iam::number:user/machine-user 无权执行:dynamodb:listtables on 资源:arn:aws:dynamodb:eu-west-1:number:table/*(服务:amazondynamodbv2;状态码:400;错误代码:accessdeniedexception;请求id:id号)
据我所知,我失踪了 `roleArn` 在amazondynamodb对象中,所以我要添加它。到目前为止,我发现一个主题点击,但上面的解决方案使用不推荐的对象 `AWSSecurityTokenServiceClient` 毕竟,我会使用新的对象 `AmazonDynamoDB` 但我没有找到如何让它成为现实。
我将非常感谢关于如何添加缺失的建议 `arnRole` 到 `AmazonDynamoDB` 对象完成配置步骤并建立连接。
1条答案
按热度按时间0h4hbjxa1#
您需要在运行此代码的角色上设置iam策略或内联策略。不确定它是lambda还是在容器中,或者其他什么东西,不管怎样,您的策略都需要如下所示: