Can't Scan Alexa Provided DynamoDB Table

Question

When I do a scan on the free tables that we get as alexa developers, I get this error:

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the Scan operation: User: arn:aws:sts::952997128153:assumed-role/AlexaHostedSkillLambdaRole/6171c245-a39d-4b6d-90d5-52bed7461435 is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:952997128153:table/6171c245-a39d-4b6d-90d5-52bed7461435 because no identity-based policy allows the dynamodb:Scan action

But, I do not have access to create identity based policies for those tables.

Answer

DynamoDB does not use resource based access control, therefore, you will have to add the necessary permissions to your user role `arn:aws:sts::952997128153:assumed-role/AlexaHostedSkillLambdaRole`. Adding something like the following:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "MyPolicy",
            "Effect": "Allow",
            "Action": [
                "dynamodb:Scan"
            ],
            "Resource": "arn:aws:dynamodb:us-east-1:952997128153:table/"
        }
    ]
}
```

If you do not have permission to add policy to an IAM role, then you should reach out to your accounts admin to do so.

Further info: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/using-identity-based-policies.html

Can't Scan Alexa Provided DynamoDB Table

Relevanter Inhalt