- Newest
- Most votes
- Most comments
It seems like you're facing two issues with your AWS Lambda function and DynamoDB setup:
AccessDeniedException: This error occurs because the AWS Lambda function does not have the necessary IAM permissions to perform a dynamodb:Scan operation on the DynamoDB table.
ResourceNotFoundException: This error occurs when you manually add the DynamoDB full access policy to the Lambda function, but there might be some issues with how the table is referenced or the table doesn't exist in the specified region.
To resolve these issues and allow Amplify to generate the correct IAM roles, please try to follow these next steps.
First Issue: AccessDeniedException To allow your Lambda function to perform a dynamodb:Scan operation, you should configure the correct IAM permissions. Here are the steps to ensure that Amplify generates the correct IAM roles:
- Amplify Configuration: Make sure your Amplify configuration (amplify/backend/api/<your-api-name>/stacks/stack-name.json) has the proper permissions set up. You should see a section like this:
"Function": {
"Type": "AWS::Lambda::Function",
"Properties": {
...
"Policies": [
{
"PolicyName": "yourLambdaPolicy",
"PolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:Scan",
...
],
"Resource": [
"arn:aws:dynamodb:region:account-id:table/your-table-name"
]
},
...
]
}
}
],
...
}
}
Ensure that the "Resource" section specifies the correct DynamoDB table ARN. Amplify should generate this automatically, but you can double-check it.
- Amplify Push: After making changes to your Amplify configuration, run amplify push to update your AWS resources. Amplify should update the IAM roles and permissions as specified in your configuration.
Second Issue: ResourceNotFoundException If you still encounter a ResourceNotFoundException after correcting the IAM permissions, make sure of the following:
-
Double-check the DynamoDB table name and region in your Lambda code. Ensure that you are specifying the correct table name and that the table exists in the region you are working in.
-
Check if there are any typos or discrepancies in your table name, including case sensitivity.
-
Verify that the Lambda function and DynamoDB table are in the same AWS region.
Ensure that the table's ARN in the Lambda function's IAM policy matches the actual DynamoDB table's ARN.
If you follow these steps and ensure that your Amplify configuration is correctly set up, you should be able to resolve the access issues and allow Amplify to generate the correct IAM roles for your AWS Lambda function and DynamoDB integration.
Please let us know if this worked well for you.
Relevant content
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
Please provide your code or so we can help you debug. You can also join the amplify discord for a faster response: https://discord.com/invite/amplify