13

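I initially thought this problem was due to mismatched regions, but after changing the region I still get the following error when trying the Amazon AWS sample found here: AmazonServiceException: User is not authorized to perform: dynamodb:DescribeTable Status Code: 400; Error Code: AccessDeniedException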

DynamoDBMapper

AmazonServiceException: User: arn:aws:sts::[My Account 
ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession 
is not authorized to perform: dynamodb:DescribeTable on resource: 
arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: 
AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; 
Request ID: BBFTS0Q8UHTMG120IORC2KSASVVV4KQNSO5AEMVJF66Q9ASUAAJG) 

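Everything is more or less the same. The only things I changed were the region in the DB client, to US_EAST_1, where my test table is hosted, and the constants file, which I modified using the information from the "Getting started with Amazon Cognito" code page generated by following the Cognito getting-started documentation.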

sdkforandroid-cognito-auth

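For my Cognito_AndroidAppUnauth_DefaultRole role policy, I modified the default Mobile Analytics and Sync service permissions to also include access to all actions on all tables, existing or not: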

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
     { 
      "Sid": "CognitoPolicy", 
      "Action": [ 
       "mobileanalytics:PutEvents", 
       "cognito-sync:*" 
      ], 
      "Effect": "Allow", 
      "Resource": [ 
       "*" 
      ] 
     }, 
     { 
      "Sid": "DynamoDBPolicy", 
      "Effect": "Allow", 
      "Action": [ 
       "dynamodb: *" 
      ], 
      "Resource": "*" 
     } 
    ] 
} 

So why does it claim to have no permission when the correct region is being used and the Unauth policy should allow table access?

Edit: the stack trace from calling a method on the DynamoDB resource (creating a table), in case it is useful:

com.amazonaws.AmazonServiceException: User: arn:aws:sts::[My Account ARN]:assumed-role/Cognito_AndroidAppUnauth_DefaultRole/ProviderSession is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:us-east-1:[My Account ARN]:table/test_table (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: SDELNSMLO10EV7CM2STC1R9RU3VV4KQNSO5AEMVJF66Q9ASUAAJG) 
      at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(Unknown Source) 
      at com.amazonaws.http.AmazonHttpClient.executeHelper(Unknown Source) 
      at com.amazonaws.http.AmazonHttpClient.execute(Unknown Source) 
      at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(Unknown Source) 
      at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.createTable(Unknown Source) 
      at com.amazonaws.demo.userpreferencesom.DynamoDBManager.createTable(DynamoDBManager.java:72) 
      at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:99) 
      at com.amazonaws.demo.userpreferencesom.UserPreferenceDemoActivity$DynamoDBManagerTask.doInBackground(UserPreferenceDemoActivity.java:85) 
      at android.os.AsyncTask$2.call(AsyncTask.java:288) 
      at java.util.concurrent.FutureTask.run(FutureTask.java:237) 
      at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1112) 
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:587) 
      at java.lang.Thread.run(Thread.java:841) 

Answers

17

After working with Amazon's engineers, it turned out the problem was in the policy configuration:

"dynamodb: *" 

should be

"dynamodb:*" 

It's amazing what a space can do.

+1

Cool, I was just about to post this. Great that AWS support is highly available too :)

+1

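Yeah, GitHub issues are much better than the AWS forums, at least for working with the sample resources that Amazon provides. They probably won't help if it's some other crazy code you designed yourself, since it wouldn't be related to the sample project. XP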

+0

@KurtWagner: Where is the policy configuration located?
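A lint check for the mistake identified in the answer above, as an added example that is not part of the original post or of AWS's tooling: it flags Action strings containing whitespace and, going beyond the page's case, warns when an Allow statement pairs a wildcard action with Resource "*". The `ACTION_RE` pattern and the `lint_policy` name are assumptions made for this example.

```python
import json
import re

# Assumed lint pattern for "service:Action" ("*" and "?" are IAM wildcards);
# this is a local check, not AWS's own policy validator.
ACTION_RE = re.compile(r"^(\*|[A-Za-z0-9-]+:[A-Za-z0-9*?]+)$")

def as_list(value):
    """Action, Resource and Statement may each be a single item or a list."""
    return list(value) if isinstance(value, list) else [value]

def lint_policy(policy_json):
    """Return sorted (severity, sid, action, message) findings for a policy."""
    findings = []
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        sid = stmt.get("Sid", "<no Sid>")
        resources = as_list(stmt.get("Resource", []))
        for action in as_list(stmt.get("Action", [])):
            if re.search(r"\s", action):
                findings.append(("error", sid, action, "whitespace in action name"))
            elif not ACTION_RE.match(action):
                findings.append(("error", sid, action, "not in service:Action form"))
            elif (stmt.get("Effect") == "Allow" and action.endswith("*")
                  and "*" in resources):
                findings.append(("warn", sid, action, "wildcard action on all resources"))
    return sorted(findings)

# Constructed sample: the DynamoDB statement from the question, space included.
QUESTION_POLICY = """
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "DynamoDBPolicy", "Effect": "Allow",
     "Action": ["dynamodb: *"], "Resource": "*"}
  ]
}
"""

if __name__ == "__main__":
    for finding in lint_policy(QUESTION_POLICY):
        print(finding)
    # The corrected form from the answer parses cleanly but is flagged as broad.
    for finding in lint_policy(QUESTION_POLICY.replace("dynamodb: *", "dynamodb:*")):
        print(finding)
```

Running a check like this before attaching a policy to the unauthenticated Cognito role surfaces the malformed action without waiting for an AccessDeniedException at runtime.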
