Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

Cannot attach Trigger to DynamoDB Table

0

I'm trying to attach a trigger which will invoke a Lambda function when a dynamoDB table is updated. (Briefly, this is aggregating results from one table to another.)

I get an error: InvalidParameterValueException: Cannot access stream arn:aws:dynamodb:[LOCATION]:[ACCOUNT]:table/[TABLE1]/stream/[DATETIME]. Please ensure the role can perform the GetRecords, GetShardIterator, DescribeStream, and ListStreams Actions on your stream in IAM.

This occurs both if I try to attach a trigger to the function and point at the table, and if I try to create a new (or attach an existing) function on the table.

In the attached role, I have added an in-line policy: { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "dynamodb:GetShardIterator", "dynamodb:DescribeStream", "dynamodb:GetRecords", "dynamodb:ListStreams" ], "Resource": "arn:aws:dynamodb:[LOCATION]:[ACCOUNT]:table/[TABLE1]//stream/*" }, { "Sid": "VisualEditor2", "Effect": "Allow", "Action": "dynamodb:PutItem", "Resource": "arn:aws:dynamodb:[LOCATION]:[ACCOUNT]:table/[TABLE2]" } ] }

Themen
ServerlosKalkulationDatenbankSicherheit, Identität & Konformität
Tags
AWS LambdaAmazon DynamoDBIAM-Richtlinien
Sprache
English
CharlieM
gefragt vor 2 Monaten143 Aufrufe
1 Antwort
1
Akzeptierte Antwort

Hello.

Will it succeed if I attach "AmazonDynamoDBReadOnlyAccess" to Lambda's IAM role?
https://docs.aws.amazon.com/aws-managed-policy/latest/reference/AmazonDynamoDBReadOnlyAccess.html

Also, since "Resource" is "arn:aws:dynamodb:[LOCATION]:[ACCOUNT]:table/[TABLE1]//stream/*", "arn:aws:dynamodb:[LOCATION]:[ACCOUNT] ]:table/[TABLE1]/stream/*".

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "dynamodb:GetShardIterator",
                "dynamodb:DescribeStream",
                "dynamodb:GetRecords",
                "dynamodb:ListStreams"
            ],
            "Resource": "arn:aws:dynamodb:[LOCATION]:[ACCOUNT]:table/[TABLE1]/stream/*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": "dynamodb:PutItem",
            "Resource": "arn:aws:dynamodb:[LOCATION]:[ACCOUNT]:table/[TABLE2]"
        }
    ]
}
profile picture
EXPERTE
Riku_Kobayashi
beantwortet vor 2 Monaten
profile picture
EXPERTE
Oleksii Bebych
überprüft vor 2 Monaten
profile picture
EXPERTE
Gary Mclean
überprüft vor 2 Monaten
  • CharlieM
    vor 2 Monaten

    Thank you, the // was the issue that was causing the trigger to not be set up.

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt