AccessDeniedException error when connecting AWS Lambda to DynamoDB

When trying to read data from DynamoDB under specific conditions inside a Lambda function, the following error occurred:

2017-04-03T12:11:12.144Z    ******  Unable to delete item. Error JSON:
{
"message": "User: arn:aws:sts::******:assumed-role/******/****** is not authorized to perform: dynamodb:DeleteItem on resource: arn:aws:dynamodb:us-east-1:******:table/******",
"code": "AccessDeniedException",
"time": "2017-04-03T12:11:12.131Z",
"requestId": "******",
"statusCode": 400,
"retryable": false,
"retryDelay": 0
}

Solution:

In the Lambda function's policy, add a permission that allows access to DynamoDB.

First, check the Lambda function's policy:


Then add the policy:


The ARN identifier is required at this point; it can be found in the DynamoDB table's Overview.
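
As an added example (not part of the original post), the script below parses an AccessDeniedException of the shape shown above and builds a policy that grants only the denied action on the one table ARN, rather than a broad DynamoDB grant. The account ID, role name, function name and table name in the sample are constructed placeholders, and the helper function names are hypothetical.

```python
import json
import re

# Matches the message text of an AccessDeniedException like the one logged above.
DENIED_RE = re.compile(
    r"User: arn:aws:sts::\d{12}:assumed-role/(?P<role>[^/\s]+)/\S+ "
    r"is not authorized to perform: (?P<action>[a-z0-9-]+:[A-Za-z0-9]+) "
    r"on resource: (?P<resource>arn:aws:[a-z0-9-]+:[a-z0-9-]*:\d{12}:\S+)"
)

def parse_denial(message):
    """Return role, action and resource from the message, or None if it does not match."""
    m = DENIED_RE.search(message)
    return m.groupdict() if m else None

def least_privilege_policy(denial):
    """Build a policy document allowing only the denied action on the denied resource."""
    # Refuse wildcards: the grant must stay scoped to a single table ARN.
    if "*" in denial["resource"]:
        raise ValueError("refusing to generate a wildcard grant")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": [denial["action"]],
            "Resource": [denial["resource"]],
        }],
    }

def policy_from_error(error_json):
    """Turn the logged error JSON into (role name, policy document)."""
    err = json.loads(error_json)
    if err.get("code") != "AccessDeniedException":
        raise ValueError("not an AccessDeniedException")
    denial = parse_denial(err["message"])
    if denial is None:
        raise ValueError("unrecognised message format")
    return denial["role"], least_privilege_policy(denial)

# Constructed sample with placeholder account, role, function and table names.
SAMPLE_ERROR = json.dumps({
    "message": "User: arn:aws:sts::123456789012:assumed-role/example-lambda-role/example-fn "
               "is not authorized to perform: dynamodb:DeleteItem on resource: "
               "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable",
    "code": "AccessDeniedException",
    "statusCode": 400,
})

if __name__ == "__main__":
    role, policy = policy_from_error(SAMPLE_ERROR)
    print("attach to role:", role)
    print(json.dumps(policy, indent=2))
```

The printed document can be pasted into the role's inline policy editor in the IAM console; the role name it reports is the Lambda execution role that needs the grant.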