0

At the moment when you finish configuring a DynamoDB table the authenticades role creates this lines:

"Effect":"Allow",
    "Action":[
    "dynamodb:BatchWriteItem",
    "dynamodb:DeleteItem",
    "dynamodb:PutItem",
    "dynamodb:UpdateItem",
    "dynamodb:BatchGetItem",
    "dynamodb:DescribeTable",
    "dynamodb:GetItem",
    "dynamodb:ListTables",
    "dynamodb:Query",
    "dynamodb:Scan"
  ],
  "Resource": [
    table1
  ]

Per table but you can even put all tables in just 1 REsource, this is a waste of memory and dow im getting LimitExceeded error with only 10 tables. My question is: Is there a way of configuring how MobileHub creates this roles or a way of handling this LimitExceeded error?

Daniel Ordóñez
  • 48
  • 7

1 Answers1

1

AWS Mobile Hub just made an enhancement to how the IAM policies for the NoSQL feature (powered by Amazon DynamoDB) are created. We now consolidate the public and private, read and write operations into 4 statements, each of which will reference all the applicable tables and indexes. This results in a much smaller policy. You can update your relevant IAM policies but making any modification to any NoSQL table in your project or by creating a new table

Nimantha
  • 6,405
  • 6
  • 28
  • 69
Andrew C
  • 406
  • 2
  • 6
  • Hey Andrew, I am still getting the error, that means this policy is still not updated or not optimized do you know where can I ask for help? This is the error: Maximum policy size of 10240 bytes exceeded for role equo_auth_MOBILEHUB_1429140868 (Service: AmazonIdentityManagement; Status Code: 409; Error Code: LimitExceeded; Request ID: a5d39c47-9fbe-11e6-8cab-1bd11fd8e8dd) – Daniel Ordóñez Oct 31 '16 at 23:07
  • Have you made any changes to any table (forcing it to update the policy)? How many tables of which permission type do you have? – Andrew C Dec 05 '16 at 17:32