AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400

AmazonServiceException: User is not authorized to perform: dynamodb:DescribeTable Status Code: 400; Error Code: AccessDeniedException(AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException) - I
本文介绍了AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

问题描述

我原本以为这个问题是由于区域不匹配造成的,但是在更改区域后,我在尝试此处找到的 Amazon AWS 示例时仍然遇到以下错误:

I had originally thought that this issue was due to mismatching regions, but after changing the region, I'm still coming across the following error when trying out an Amazon AWS sample found here:

DynamoDBMapper

 AmazonServiceException: User: arn:aws:sts::[My Account
 ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession
 is not authorized to perform: dynamodb:DescribeTable on resource:
 arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service:
 AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException;
 Request ID: BBFTS0Q8UHTMG120IORC2KSASVVV4KQNSO5AEMVJF66Q9ASUAAJG)

一切都或多或少相同,我唯一更改的是将 DBclient 区域更改为 US_EAST_1,我的测试表在其中托管并修改使用Amazon Cognito 入门代码"页面中的信息生成的常量文件,该页面是按照 Cognito 入门文档生成的.

Everything is more or less the same, the only things I've changed have been changing the DBclient region to US_EAST_1, where my test table is hosted and modifying the Constants file using the info from the 'Amazon Cognito Starter Code' page that is generated through following the Cognito get started documentation.

sdkforandroid-cognito-auth

对于我的 Cognito_AndroidAppUnauth_DefaultRole 角色策略,我修改了默认的移动分析和同步服务权限,使其还包括对所有表(无论是否存在)的所有操作的访问:

For my Cognito_AndroidAppUnauth_DefaultRole role policy I modified the default mobile analytics and sync service permission to also include access of all actions on all tables, existing or not:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "CognitoPolicy",
            "Action": [
                "mobileanalytics:PutEvents",
                "cognito-sync:*"
            ],
            "Effect": "Allow",
            "Resource": [
                "*"
            ]
        },
        {
            "Sid": "DynamoDBPolicy",
            "Effect": "Allow",
            "Action": [
                "dynamodb: *"
            ],
            "Resource": "*"
        }
    ]
}

那么为什么它声称在使用正确的区域时它没有权限并且 Unauth 策略应该允许表访问?

So why is it claiming that it doesn't have permission when the correct region is used and the Unauth policy should allow for table access?

调用 DynamoDB 资源(创建表)上的方法时的 Stacktrace,它是否有用

Stacktrace when calling a method on the DynamoDB resource (create table), should it prove useful

   com.amazonaws.AmazonServiceException: User: arn:aws:sts::[My Account ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: SDELNSMLO10EV7CM2STC1R9RU3VV4KQNSO5AEMVJF66Q9ASUAAJG)
            at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(Unknown Source)
            at com.amazonaws.http.AmazonHttpClient.executeHelper(Unknown Source)
            at com.amazonaws.http.AmazonHttpClient.execute(Unknown Source)
            at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(Unknown Source)
            at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.createTable(Unknown Source)
            at com.amazonaws.demo.userpreferencesom.DynamoDBManager.createTable(DynamoDBManager.java:72)
            at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:99)
            at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:85)
            at android.os.AsyncTask$2.call(AsyncTask.java:288)
            at java.util.concurrent.FutureTask.run(FutureTask.java:237)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587)
            at java.lang.Thread.run(Thread.java:841)

推荐答案

与亚马逊工程师合作,发现问题出在策略配置中:

Worked with an Amazon engineer and it turns out the problem was in the policy configuration:

"dynamodb: *"

应该是

"dynamodb:*"

一个空间能做什么真是太神奇了.

It's amazing what a space can do.

这篇关于AmazonServiceException:用户无权执行:dynamodb:DescribeTable 状态码:400;错误代码:AccessDeniedException的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

本站部分内容来源互联网,如果有图片或者内容侵犯了您的权益,请联系我们,我们会在确认后第一时间进行删除!

相关文档推荐

How To Create a Rotating Wheel Control?(如何创建转轮控件?)
How to avoid restarting activity when orientation changes on Android(如何在 Android 上的方向更改时避免重新启动活动)
Screen orientation lock(屏幕方向锁定)
Strange behavior with android orientation sensor(android方向传感器的奇怪行为)
Android: Rotate image in imageview by an angle(Android:将imageview中的图像旋转一个角度)
Activity restart on rotation Android(旋转Android上的活动重启)