获取amazondynamodbexception:用户:arn:aws:iam:user is 未授权执行:dynamodb:listtables

juzqafwq  于 2021-07-12  发布在  Java
关注(0)|答案(1)|浏览(434)

在dynamodb配置和连接尝试时,我遇到了一个amazondynamodb异常。配置代码如下所示:

@AllArgsConstructor
@Configuration
public class AWSDynamoDBConfig {

    private final String accessKey;
    private final String secretKey;
    private final String roleArn;

    public AWSDynamoDBConfig() throws IOException {
        Properties properties = readProperties("common", "aws.properties");
        accessKey = properties.getProperty("aws.accessKey");
        secretKey = properties.getProperty("aws.secretKey");
        roleArn = properties.getProperty("aws.roleArn");
    }

    public AssumeRoleRequest roleRequest() {
        return new AssumeRoleRequest().withRoleArn(roleArn);
    }

    @Bean
    public AmazonDynamoDB amazonDynamoDB() {
        return AmazonDynamoDBClientBuilder
                .standard()
                .withRegion(Regions.EU_WEST_1)
                .withCredentials(amazonAWSCredentialProvider())
                .build();
    }

    @Bean
    public AWSCredentials amazonAWSCredential() {
        return new BasicAWSCredentials(accessKey, secretKey);
    }

    @Bean
    public DynamoDBMapperConfig dynamoDBMapperConfig() {
        return DynamoDBMapperConfig.DEFAULT;
    }

    @Bean
    public DynamoDBMapper dynamoDBMapper(AmazonDynamoDB amazonDynamoDB, DynamoDBMapperConfig config) {
        return new DynamoDBMapper(amazonDynamoDB, config);
    }

    @Bean
    public DynamoDB dynamoDB() {
        return new DynamoDB(amazonDynamoDB());
    }

    public AWSCredentialsProvider amazonAWSCredentialProvider() {
        return new AWSStaticCredentialsProvider(amazonAWSCredential());
    }

}

方法调用时产生错误 listTables ```
public void listMyTables() {
TableCollection tables = awsDynamoDBConfig.dynamoDB().listTables();
Iterator iterator = tables.iterator();

    log.info("Listing tables from DynamoDB instance");
    while (iterator.hasNext()) {
        Table table = iterator.next();
        log.info("Table name: " + table.getTableName());
    }
}
com.amazonaws.services.dynamodbv2.model.amazondynamodbexception:用户:arn:aws:iam::number:user/machine-user 无权执行:dynamodb:listtables on 资源:arn:aws:dynamodb:eu-west-1:number:table/*(服务:amazondynamodbv2;状态码:400;错误代码:accessdeniedexception;请求id:id号)
据我所知,我失踪了 `roleArn` 在amazondynamodb对象中,所以我要添加它。到目前为止,我发现一个主题点击,但上面的解决方案使用不推荐的对象 `AWSSecurityTokenServiceClient` 毕竟,我会使用新的对象 `AmazonDynamoDB` 但我没有找到如何让它成为现实。
我将非常感谢关于如何添加缺失的建议 `arnRole` 到 `AmazonDynamoDB` 对象完成配置步骤并建立连接。
0h4hbjxa

0h4hbjxa1#

您需要在运行此代码的角色上设置iam策略或内联策略。不确定它是lambda还是在容器中,或者其他什么东西,不管怎样,您的策略都需要如下所示:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:ListTables"
            ],
            "Resource": [
                "arn:aws:dynamodb:eu-west-1:number:table/*"
            ]
        }
    ]
}

相关问题