問題描述
我原本以為這個問題是由于區(qū)域不匹配造成的,但是在更改區(qū)域后,我在嘗試此處找到的 Amazon AWS 示例時仍然遇到以下錯誤:
I had originally thought that this issue was due to mismatching regions, but after changing the region, I'm still coming across the following error when trying out an Amazon AWS sample found here:
DynamoDBMapper
AmazonServiceException: User: arn:aws:sts::[My Account
ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession
is not authorized to perform: dynamodb:DescribeTable on resource:
arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service:
AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException;
Request ID: BBFTS0Q8UHTMG120IORC2KSASVVV4KQNSO5AEMVJF66Q9ASUAAJG)
一切都或多或少相同,我唯一更改的是將 DBclient 區(qū)域更改為 US_EAST_1,我的測試表在其中托管并修改使用Amazon Cognito 入門代碼"頁面中的信息生成的常量文件,該頁面是按照 Cognito 入門文檔生成的.
Everything is more or less the same, the only things I've changed have been changing the DBclient region to US_EAST_1, where my test table is hosted and modifying the Constants file using the info from the 'Amazon Cognito Starter Code' page that is generated through following the Cognito get started documentation.
sdkforandroid-cognito-auth
對于我的 Cognito_AndroidAppUnauth_DefaultRole 角色策略,我修改了默認(rèn)的移動分析和同步服務(wù)權(quán)限,使其還包括對所有表(無論是否存在)的所有操作的訪問:
For my Cognito_AndroidAppUnauth_DefaultRole role policy I modified the default mobile analytics and sync service permission to also include access of all actions on all tables, existing or not:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "CognitoPolicy",
"Action": [
"mobileanalytics:PutEvents",
"cognito-sync:*"
],
"Effect": "Allow",
"Resource": [
"*"
]
},
{
"Sid": "DynamoDBPolicy",
"Effect": "Allow",
"Action": [
"dynamodb: *"
],
"Resource": "*"
}
]
}
那么為什么它聲稱在使用正確的區(qū)域時它沒有權(quán)限并且 Unauth 策略應(yīng)該允許表訪問?
So why is it claiming that it doesn't have permission when the correct region is used and the Unauth policy should allow for table access?
調(diào)用 DynamoDB 資源(創(chuàng)建表)上的方法時的 Stacktrace,它是否有用
Stacktrace when calling a method on the DynamoDB resource (create table), should it prove useful
com.amazonaws.AmazonServiceException: User: arn:aws:sts::[My Account ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: SDELNSMLO10EV7CM2STC1R9RU3VV4KQNSO5AEMVJF66Q9ASUAAJG)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(Unknown Source)
at com.amazonaws.http.AmazonHttpClient.executeHelper(Unknown Source)
at com.amazonaws.http.AmazonHttpClient.execute(Unknown Source)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(Unknown Source)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.createTable(Unknown Source)
at com.amazonaws.demo.userpreferencesom.DynamoDBManager.createTable(DynamoDBManager.java:72)
at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:99)
at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:85)
at android.os.AsyncTask$2.call(AsyncTask.java:288)
at java.util.concurrent.FutureTask.run(FutureTask.java:237)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
at java.lang.Thread.run(Thread.java:841)
推薦答案
與亞馬遜工程師合作,發(fā)現(xiàn)問題出在策略配置中:
Worked with an Amazon engineer and it turns out the problem was in the policy configuration:
"dynamodb: *"
應(yīng)該是
"dynamodb:*"
一個空間能做什么真是太神奇了.
It's amazing what a space can do.
這篇關(guān)于AmazonServiceException:用戶無權(quán)執(zhí)行:dynamodb:DescribeTable 狀態(tài)碼:400;錯誤代碼:AccessDeniedException的文章就介紹到這了,希望我們推薦的答案對大家有所幫助,也希望大家多多支持html5模板網(wǎng)!