1

It works fine on my local machine with .aws configured. However, lambda is unable to connect with the dynamodb tables through the auto-generated iam role. I even tried adding a policy explicitly to the role via IAM console:

{
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "dynamodb:*",
            "Resource": "arn:aws:dynamodb:ap-south-1:*:table/*"
}

But still getting this error (Debug Logs):

An error occurred (AccessDeniedException) on request (SQ60ECK3UMM6LLEBC2K04S6HE7VV4KQNSO5AEMVJF66Q9ASUAAJG) on table (lmk_staging_posts) when calling the DescribeTable operation:
2018-02-26 00:11:18.723000 3ca1b0 [DEBUG]       2018-02-25T18:41:18.722Z                Calling DescribeTable with arguments {'TableName': 'lmk_staging_posts'}
2018-02-26 00:19:16.045000 5e175a [DEBUG]       2018-02-25T18:49:16.45Z         Calling DescribeTable with arguments {'TableName': 'lmk_staging_posts'}
2018-02-26 00:19:16.110000 5e175a [DEBUG]       2018-02-25T18:49:16.110Z                Calling DescribeTable with arguments {'TableName': 'lmk_staging_comments'}
2018-02-26 00:19:16.157000 5e175a [DEBUG]       2018-02-25T18:49:16.157Z                Calling DescribeTable with arguments {'TableName': 'lmk_staging_groups'}
2018-02-26 00:19:16.200000 5e175a [DEBUG]       2018-02-25T18:49:16.199Z                Calling DescribeTable with arguments {'TableName': 'lmk_staging_user_profile'}
Vatsal
  • 13
  • 2
  • are you on the correct VPC? idk what kind of security configs you have for your table and/or role – eagle Feb 25 '18 at 19:52

1 Answers1

3

You have to add "autogen_policy":false, to config.json and put all your policies in policy-dev.json, for example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents",
        "s3:*",
        "dynamodb:*"
      ],
      "Resource": "*"
    }
  ]
}

In this way you setup your policies manually.

Yovany Diaz
  • 51
  • 3