在DynamoDB中使用Cognito ID的AccessDeniedException

本文介绍了在DynamoDB中使用Cognito ID的AccessDeniedException的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

我正在尝试使用Cognito用户ID插入我的DynamoDB表中，并且始终收到 AccessDeniedException 。我遵循了文档，并为此创建了表和策略，如下所示。这里缺少什么。请查看完整的堆栈信息和请求ID。

I am trying to insert to my DynamoDB table using Cognito user Id and I am getting always "AccessDeniedException". I followed documentation and created table and policy for it as below. What is missing here. Please see the full stack information and request ID.

表的UserId为Hashkey，id为rangekey

Table has UserId as Hashkey and id as rangekey

策略：

Policy:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem" ], "Resource": [ "arn:aws:dynamodb:us-east-1:1828211111:table/Table" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${cognito-identity.amazonaws:sub}" ] } } } ] }

代码为保存数据：

AWS.DynamoDBhelper.Credentials.AddLogin(Helpers.Constants.KEY_LAST_USED_PROVIDER,Helpers.Settings.LoginAccessToken ); var identityId = await AWS.DynamoDBhelper.Credentials.GetIdentityIdAsync(); var client = new Amazon.DynamoDBv2.AmazonDynamoDBClient(AWS.DynamoDBhelper.Credentials, Amazon.RegionEndpoint.USEast1); Amazon.DynamoDBv2.DataModel.DynamoDBContext context = new Amazon.DynamoDBv2.DataModel.DynamoDBContext(client); AWS.Table table= new AWS.Table(); table.UserId = identityId; table.id = "1"; await context.SaveAsync(table);

ex = {Amazon.DynamoDBv2.AmazonDynamoDBException：假定角色/ _auth_MOBILEHUB / CognitoIdentityCredentials未经授权执行：dynamodb：DescribeTable on resource：arn：aws：dynamodb：us-east-1

ex = {Amazon.DynamoDBv2.AmazonDynamoDBException: assumed-role/ _auth_MOBILEHUB/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1

Model：

[DynamoDBTable("Table")] public class Table { [DynamoDBHashKey] public string UserId { get; set; } [DynamoDBRangeKey] public string id { get; set; } }

推荐答案

错误消息：

...无权执行：dynamodb：DescribeTable on resource： arn：aws：dynamodb：us-east- 1 ...

... is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1 ...

将以下内容添加到策略中的操作中：

Add the following to the Action in your policy:

dynamodb:DescribeTable

因此您的策略将如下所示

So your policy will look like this

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:us-east-1:1828211111:table/Table" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${cognito-identity.amazonaws:sub}" ] } } } ] }