20

I've created my API with serverless, after I deployed my API into lambda, and we I try to test the endpoint via the "Test" button in the GatewayAPI, I get the error:

"User: arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:245912153055:table/Pets"

I should probably need to give the permission to Lambda, but I'm a little bit lost ...

GuillaumeC
  • 535
  • 1
  • 8
  • 18

2 Answers2

22

As already stated, you need to add the permissions to your serverless definition.

The docs are quite extensive on this topic: serverless IAM guide

In you case, you probably just need to add something like the following permission to your serverless.yml.

provider:
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "dynamodb:Scan"
       Resource: "arn:aws:dynamodb:us-east-1:245912153055:table/Pets"
jens walter
  • 13,269
  • 2
  • 56
  • 54
-1

I am a bit late to the party but it could still help someone to know that currently (March 2019) there seems to be a problem using nodejs vs 8.10 when creating your lambda. Adding all the necessary permissions still cause the above-mentioned error. An easy fix is to use a lower nodejs version for now. Let's hope that issue gets fixed asap

jeldrik schmuch
  • 69
  • 6
  • Is this still an issue? Where did you find that this problem exists? I'm running into this problem now with node v 8.10 and can't seem to find any way to add the dynamo policy – Alex DeCamillo May 03 '19 at 15:12