2017-06-22 66 views
0

我是新來的亞馬遜迪納摩DB。我得到的訪問被拒絕異常。
請幫我解決這個問題。AccessDeniedException異常在AWS DynamoDB

錯誤:

User: arn:aws:sts::xx:assumed-role/Cognito_SampleUnauth_Role/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:xxx

回答

1

首先確保您假定角色有權訪問DynamoDB。

如果您從您的筆記本電腦的應用程序,而不是EC2 /魔豆,請確保您設置STS證書(http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-cli.html)。

對於從假定角色接收憑證,你可以使用以下命令:

public Credentials getCredentialsFromAssumedRole() { 
     AWSSecurityTokenService awsSecurityTokenService = AWSSecurityTokenServiceClientBuilder.defaultClient(); 
     AssumeRoleRequest assumeRequest = new AssumeRoleRequest() 
       .withRoleArn("arn:aws:iam::XX:role/assume-role-DynamoDB-ReadOnly") 
       .withDurationSeconds(3600) 
       .withRoleSessionName("assumed-role-session"); 

     AssumeRoleResult assumeResult = awsSecurityTokenService.assumeRole(assumeRequest); 
     Credentials credentials = assumeResult.getCredentials(); 
     return credentials; 
    } 

之後,你可以創建DynamoDBMapper instanse:

AmazonDynamoDB amazonDynamoDB = new AmazonDynamoDBClient(amazonAWSCredentials); 
     amazonDynamoDB.setEndpoint(amazonDynamoDBEndpoint); 
     amazonDynamoDB.setRegion(Region.getRegion(Regions.valueOf(amazonAWSRegion))); 
     return new DynamoDBMapper(amazonDynamoDB); 

與DynamoDBMapper你可以做CRUD操作,如:

dynamoDBMapper.save(entity); 
dynamoDBMapper.load(Entity.class, entityId); 

@karthik,它是類似的,你以前那樣?請發佈您的代碼,以瞭解發生了什麼問題。

+0

我正在使用以下URL中給出的示例。我使用這個應用程序「DynamoDBMapper_UserPreference_Cognito」。在該應用程序,我改變了我的憑據,只有區域.. https://github.com/awslabs/aws-sdk-android-samples .. – karthik