By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Can't Scan Alexa Provided DynamoDB Table

0

When I do a scan on the free tables that we get as alexa developers, I get this error:

botocore.exceptions.ClientError: An error occurred (AccessDeniedException) when calling the Scan operation: User: arn:aws:sts::952997128153:assumed-role/AlexaHostedSkillLambdaRole/6171c245-a39d-4b6d-90d5-52bed7461435 is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:952997128153:table/6171c245-a39d-4b6d-90d5-52bed7461435 because no identity-based policy allows the dynamodb:Scan action

But, I do not have access to create identity based policies for those tables.

Topics
Security, Identity, & ComplianceDatabase
Tags
AWS Identity and Access ManagementAmazon DynamoDBIAM Policies
Language
English
rePost-User-4547790
asked 2 years ago211 views
1 Answer
1

DynamoDB does not use resource based access control, therefore, you will have to add the necessary permissions to your user role arn:aws:sts::952997128153:assumed-role/AlexaHostedSkillLambdaRole. Adding something like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "MyPolicy",
            "Effect": "Allow",
            "Action": [
                "dynamodb:Scan"
            ],
            "Resource": "arn:aws:dynamodb:us-east-1:952997128153:table/<YourTableName>"
        }
    ]
}

If you do not have permission to add policy to an IAM role, then you should reach out to your accounts admin to do so.

Further info: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/using-identity-based-policies.html

profile pictureAWS
EXPERT
Leeroy Hannigan
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content