AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400

时间:2023-04-22
本文介绍了AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我原本以为这个问题是由于区域不匹配造成的,但是在更改区域后,我在尝试此处找到的 Amazon AWS 示例时仍然遇到以下错误:

I had originally thought that this issue was due to mismatching regions, but after changing the region, I'm still coming across the following error when trying out an Amazon AWS sample found here:

DynamoDBMapper

 AmazonServiceException: User: arn:aws:sts::[My Account
 ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession
 is not authorized to perform: dynamodb:DescribeTable on resource:
 arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service:
 AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException;
 Request ID: BBFTS0Q8UHTMG120IORC2KSASVVV4KQNSO5AEMVJF66Q9ASUAAJG)

一切都或多或少相同,我唯一更改的是将 DBclient 区域更改为 US_EAST_1,我的测试表在其中托管并修改使用Amazon Cognito 入门代码"页面中的信息生成的常量文件,该页面是按照 Cognito 入门文档生成的.

Everything is more or less the same, the only things I've changed have been changing the DBclient region to US_EAST_1, where my test table is hosted and modifying the Constants file using the info from the 'Amazon Cognito Starter Code' page that is generated through following the Cognito get started documentation.

sdkforandroid-cognito-auth

对于我的 Cognito_AndroidAppUnauth_DefaultRole 角色策略,我修改了默认的移动分析和同步服务权限,使其还包括对所有表(无论是否存在)的所有操作的访问:

For my Cognito_AndroidAppUnauth_DefaultRole role policy I modified the default mobile analytics and sync service permission to also include access of all actions on all tables, existing or not:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CognitoPolicy",
            "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "DynamoDBPolicy",
            "Effect": "Allow",
            "Action": [
                "dynamodb: *"
            ],
            "Resource": "*"
        }
    ]
}

那么为什么它声称在使用正确的区域时它没有权限并且 Unauth 策略应该允许表访问?

So why is it claiming that it doesn't have permission when the correct region is used and the Unauth policy should allow for table access?

调用 DynamoDB 资源(创建表)上的方法时的 Stacktrace,它是否有用

Stacktrace when calling a method on the DynamoDB resource (create table), should it prove useful

   com.amazonaws.AmazonServiceException: User: arn:aws:sts::[My Account ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: SDELNSMLO10EV7CM2STC1R9RU3VV4KQNSO5AEMVJF66Q9ASUAAJG)
            at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(Unknown Source)
            at com.amazonaws.http.AmazonHttpClient.executeHelper(Unknown Source)
            at com.amazonaws.http.AmazonHttpClient.execute(Unknown Source)
            at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(Unknown Source)
            at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.createTable(Unknown Source)
            at com.amazonaws.demo.userpreferencesom.DynamoDBManager.createTable(DynamoDBManager.java:72)
            at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:99)
            at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:85)
            at android.os.AsyncTask$2.call(AsyncTask.java:288)
            at java.util.concurrent.FutureTask.run(FutureTask.java:237)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
            at java.lang.Thread.run(Thread.java:841)

推荐答案

与亚马逊工程师合作,发现问题出在策略配置中:

Worked with an Amazon engineer and it turns out the problem was in the policy configuration:

"dynamodb: *"

应该是

"dynamodb:*"

一个空间能做什么真是太神奇了.

It's amazing what a space can do.

这篇关于AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

上一篇:DynamoDbMapperException:没有方法注释? 下一篇:是否可以使用 AWS AppSync 构建离线优先的移动应用程序?

相关文章