我正在尝试使用Cognito用户ID插入我的DynamoDB表中,并且始终收到 AccessDeniedException 。我遵循了文档,并为此创建了表和策略,如下所示。这里缺少什么。请查看完整的堆栈信息和请求ID。
I am trying to insert to my DynamoDB table using Cognito user Id and I am getting always "AccessDeniedException". I followed documentation and created table and policy for it as below. What is missing here. Please see the full stack information and request ID.
表的UserId为Hashkey,id为rangekey
Table has UserId as Hashkey and id as rangekey
策略:
Policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem" ], "Resource": [ "arn:aws:dynamodb:us-east-1:1828211111:table/Table" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${cognito-identity.amazonaws:sub}" ] } } } ] }代码为保存数据:
AWS.DynamoDBhelper.Credentials.AddLogin(Helpers.Constants.KEY_LAST_USED_PROVIDER,Helpers.Settings.LoginAccessToken ); var identityId = await AWS.DynamoDBhelper.Credentials.GetIdentityIdAsync(); var client = new Amazon.DynamoDBv2.AmazonDynamoDBClient(AWS.DynamoDBhelper.Credentials, Amazon.RegionEndpoint.USEast1); Amazon.DynamoDBv2.DataModel.DynamoDBContext context = new Amazon.DynamoDBv2.DataModel.DynamoDBContext(client); AWS.Table table= new AWS.Table(); table.UserId = identityId; table.id = "1"; await context.SaveAsync(table);ex = {Amazon.DynamoDBv2.AmazonDynamoDBException:假定角色/ _auth_MOBILEHUB / CognitoIdentityCredentials未经授权执行:dynamodb:DescribeTable on resource:arn:aws:dynamodb:us-east-1
ex = {Amazon.DynamoDBv2.AmazonDynamoDBException: assumed-role/ _auth_MOBILEHUB/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1
Model:
[DynamoDBTable("Table")] public class Table { [DynamoDBHashKey] public string UserId { get; set; } [DynamoDBRangeKey] public string id { get; set; } }推荐答案
错误消息:
...无权执行:dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east- 1 ...
... is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1 ...
将以下内容添加到策略中的操作中:
Add the following to the Action in your policy:
dynamodb:DescribeTable因此您的策略将如下所示
So your policy will look like this
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem", "dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query", "dynamodb:UpdateItem", "dynamodb:DescribeTable" ], "Resource": [ "arn:aws:dynamodb:us-east-1:1828211111:table/Table" ], "Condition": { "ForAllValues:StringEquals": { "dynamodb:LeadingKeys": [ "${cognito-identity.amazonaws:sub}" ] } } } ] }更多推荐
在DynamoDB中使用Cognito ID的AccessDeniedException
发布评论