Can't view DynamoDB table from EC2 SSH session

0

I SSH into my EC2 instance; my caller identity is an assumed role. I try to display the DynamoDB table test (created by user bob) using aws dynamodb scan --table-name test --region us-east-1. I got the error: An error occurred (AccessDeniedException) when calling the Scan operation: User: arn:aws:sts::0********:assumed-role/ssm/i-****** is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:0******:table/test. How can I switch user in the EC2 SSH session to bob so I can view the table, or is there a better way to display a DynamoDB table in an EC2 SSH session? Thanks.

2 Answers
1

To get access to your Amazon DynamoDB service in your local account, you need to update your Amazon EC2 Instance Profile by adding an IAM policy allowing at least the Action 'dynamodb:Scan'.

More information about:

AWS
kunzt
answered 2 years ago
0

In your description, it's not detailed how IAM is designed for your use case. So it's hard for me to comment on a better way. But based on your description, you might be able to go to the instance role (in IAM) corresponding to the EC2 instance (the i** in the ARN User: arn:aws:sts::0****:assumed-role/ssm/i-**) where you are ssh-ed and then add an inline permissions policy (in IAM) which is identical to the DynamoDB related permission policy associated with the user bob (in IAM).

answered 2 years ago
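
An added example, not part of either answer and not AWS's own code: the Python below reads the AccessDeniedException text from the question, extracts the instance role, and builds an inline policy scoped to the one denied action on the one table, which is narrower than copying all of bob's DynamoDB permissions. The account id, instance id and the policy name AllowScanTestTable are placeholders; the `aws iam put-role-policy` command is only constructed, not executed.

```python
import json
import re
import shlex

# Constructed sample: the page's error text with its masked account id and
# instance id replaced by placeholders (111122223333, i-0123456789abcdef0).
DENIED = (
    "An error occurred (AccessDeniedException) when calling the Scan operation: "
    "User: arn:aws:sts::111122223333:assumed-role/ssm/i-0123456789abcdef0 "
    "is not authorized to perform: dynamodb:Scan on resource: "
    "arn:aws:dynamodb:us-east-1:111122223333:table/test"
)

PATTERN = re.compile(
    r"User: arn:aws:sts::(?P<account>\d{12}):assumed-role/(?P<role>[\w+=,.@-]+)/\S+ "
    r"is not authorized to perform: (?P<action>[\w-]+:\w+) "
    r"on resource: (?P<resource>arn:aws:[^\s,]+)"
)


def parse_denied(message):
    """Extract the role, denied action and resource ARN from the error text."""
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("not an assumed-role AccessDenied message")
    return m.groupdict()


def least_privilege_policy(denied):
    """Inline policy allowing only the denied action on only that resource."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Action": denied["action"],
            "Resource": denied["resource"],
        }],
    }


def put_role_policy_argv(denied, policy_name="AllowScanTestTable"):
    """argv for the AWS CLI call an IAM administrator would run (not run here)."""
    return ["aws", "iam", "put-role-policy",
            "--role-name", denied["role"],
            "--policy-name", policy_name,  # hypothetical policy name
            "--policy-document", json.dumps(least_privilege_policy(denied))]


if __name__ == "__main__":
    print(shlex.join(put_role_policy_argv(parse_denied(DENIED))))
```

The printed command has to be run by a principal that is allowed to call iam:PutRolePolicy on the role, not from the instance session that received the denial.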
