我是新來的亞馬遜迪納摩DB。我得到的訪問被拒絕異常。
請幫我解決這個問題。AccessDeniedException異常在AWS DynamoDB
錯誤:
User: arn:aws:sts::xx:assumed-role/Cognito_SampleUnauth_Role/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:xxx
我是新來的亞馬遜迪納摩DB。我得到的訪問被拒絕異常。
請幫我解決這個問題。AccessDeniedException異常在AWS DynamoDB
錯誤:
User: arn:aws:sts::xx:assumed-role/Cognito_SampleUnauth_Role/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:xxx
首先確保您假定角色有權訪問DynamoDB。
如果您從您的筆記本電腦的應用程序,而不是EC2 /魔豆,請確保您設置STS證書(http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-cli.html)。
對於從假定角色接收憑證,你可以使用以下命令:
public Credentials getCredentialsFromAssumedRole() {
AWSSecurityTokenService awsSecurityTokenService = AWSSecurityTokenServiceClientBuilder.defaultClient();
AssumeRoleRequest assumeRequest = new AssumeRoleRequest()
.withRoleArn("arn:aws:iam::XX:role/assume-role-DynamoDB-ReadOnly")
.withDurationSeconds(3600)
.withRoleSessionName("assumed-role-session");
AssumeRoleResult assumeResult = awsSecurityTokenService.assumeRole(assumeRequest);
Credentials credentials = assumeResult.getCredentials();
return credentials;
}
之後,你可以創建DynamoDBMapper instanse:
AmazonDynamoDB amazonDynamoDB = new AmazonDynamoDBClient(amazonAWSCredentials);
amazonDynamoDB.setEndpoint(amazonDynamoDBEndpoint);
amazonDynamoDB.setRegion(Region.getRegion(Regions.valueOf(amazonAWSRegion)));
return new DynamoDBMapper(amazonDynamoDB);
與DynamoDBMapper你可以做CRUD操作,如:
dynamoDBMapper.save(entity);
dynamoDBMapper.load(Entity.class, entityId);
@karthik,它是類似的,你以前那樣?請發佈您的代碼,以瞭解發生了什麼問題。
我正在使用以下URL中給出的示例。我使用這個應用程序「DynamoDBMapper_UserPreference_Cognito」。在該應用程序,我改變了我的憑據,只有區域.. https://github.com/awslabs/aws-sdk-android-samples .. – karthik