获取amazondynamodbexception:用户：arn:aws:iam:user is 未授权执行：dynamodb:listtables

juzqafwq 于 2021-07-12 发布在 Java

关注(0)|答案(1)|浏览(434)

在dynamodb配置和连接尝试时，我遇到了一个amazondynamodb异常。配置代码如下所示：

@AllArgsConstructor
@Configuration
public class AWSDynamoDBConfig {

    private final String accessKey;
    private final String secretKey;
    private final String roleArn;

    public AWSDynamoDBConfig() throws IOException {
        Properties properties = readProperties("common", "aws.properties");
        accessKey = properties.getProperty("aws.accessKey");
        secretKey = properties.getProperty("aws.secretKey");
        roleArn = properties.getProperty("aws.roleArn");
    }

    public AssumeRoleRequest roleRequest() {
        return new AssumeRoleRequest().withRoleArn(roleArn);
    }

    @Bean
    public AmazonDynamoDB amazonDynamoDB() {
        return AmazonDynamoDBClientBuilder
                .standard()
                .withRegion(Regions.EU_WEST_1)
                .withCredentials(amazonAWSCredentialProvider())
                .build();
    }

    @Bean
    public AWSCredentials amazonAWSCredential() {
        return new BasicAWSCredentials(accessKey, secretKey);
    }

    @Bean
    public DynamoDBMapperConfig dynamoDBMapperConfig() {
        return DynamoDBMapperConfig.DEFAULT;
    }

    @Bean
    public DynamoDBMapper dynamoDBMapper(AmazonDynamoDB amazonDynamoDB, DynamoDBMapperConfig config) {
        return new DynamoDBMapper(amazonDynamoDB, config);
    }

    @Bean
    public DynamoDB dynamoDB() {
        return new DynamoDB(amazonDynamoDB());
    }

    public AWSCredentialsProvider amazonAWSCredentialProvider() {
        return new AWSStaticCredentialsProvider(amazonAWSCredential());
    }

}

方法调用时产生错误 listTables ```
public void listMyTables() {
TableCollection tables = awsDynamoDBConfig.dynamoDB().listTables();
Iterator iterator = tables.iterator();

    log.info("Listing tables from DynamoDB instance");
    while (iterator.hasNext()) {
        Table table = iterator.next();
        log.info("Table name: " + table.getTableName());
    }
}

com.amazonaws.services.dynamodbv2.model.amazondynamodbexception:用户：arn:aws：iam:：number:user/machine-user 无权执行：dynamodb:listtables on 资源：arn:aws:dynamodb:eu-west-1:number:table/*（服务：amazondynamodbv2；状态码：400；错误代码：accessdeniedexception；请求id:id号）
据我所知，我失踪了 `roleArn` 在amazondynamodb对象中，所以我要添加它。到目前为止，我发现一个主题点击，但上面的解决方案使用不推荐的对象 `AWSSecurityTokenServiceClient` 毕竟，我会使用新的对象 `AmazonDynamoDB` 但我没有找到如何让它成为现实。
我将非常感谢关于如何添加缺失的建议 `arnRole` 到 `AmazonDynamoDB` 对象完成配置步骤并建立连接。

Java amazon-web-services Configuration amazon-dynamodb

来源：https://stackoverflow.com/questions/63468562/getting-amazondynamodbexception-user-arnawsiamuser-is-not-authorized-to-per

1条答案

按热度按时间

0h4hbjxa1#

您需要在运行此代码的角色上设置iam策略或内联策略。不确定它是lambda还是在容器中，或者其他什么东西，不管怎样，您的策略都需要如下所示：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:ListTables"
            ],
            "Resource": [
                "arn:aws:dynamodb:eu-west-1:number:table/*"
            ]
        }
    ]
}

赞(0）回复(0）举报 2021-07-12

我来回答

获取amazondynamodbexception:用户：arn:aws:iam:user is 未授权执行：dynamodb:listtables

1条答案

相关问题

热门标签

最新问答