
When I try to run my Lambda function `register`, which queries the table `example_user`, it throws the error below. My code is only trying to get data from the table `example_user` and not create any table.

```
{"errorType":"Runtime.UnhandledPromiseRejection","errorMessage":"AccessDeniedException: User: arn:aws:sts::577777777777:assumed-role/example-user-api-dev-ap-southeast-1-lambdaRole/example-user-api-dev-register is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:ap-southeast-1:577777777777:table/example_user","reason":{"errorType":"AccessDeniedException","errorMessage":"User: arn:aws:sts::577777777777:assumed-role/example-user-api-dev-ap-southeast-1-lambdaRole/example-user-api-dev-register is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:ap-southeast-1:577777777777:table/example_user"
```

The error was thrown after 13 UserController with email

This is my code:

User.js

```js
const dynamoose = require("dynamoose");

// Schema for the existing example_user table
const schema = new dynamoose.Schema({
    "email": String,
    "uid": String,
    "name": String,
    "gender": {
        "type": Number,
        "default": 0
    },
    "profileImageType": {
        "type": Number,
        "default": 0
    },
    "profileImage": String,
    "accountType": Number,
}, {
    "saveUnknown": true,
    "timestamps": true
});

// No model options are passed here, so Dynamoose's defaults apply
module.exports = dynamoose.model('example_user', schema);
```

UserController.js

```js
const User = require("./User.js");

exports.getProfile = async function (email, res) {
  console.log("13 UserController with email " + email);
  const profile = await User.get(email);
  console.log("15 profile");
  console.log(profile);
  if (profile) {
    return profile;
  } else {
    return false;
  }
};
```

Below is a snippet from my serverless.yml file

```yaml
iamRoleStatements:
    - Effect: "Allow"
      Action:
        - "s3:*"
      Resource:
        - "arn:aws:s3:::profiles.example.app/*"
    - Effect: "Allow"
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource:
        - "arn:aws:dynamodb:ap-southeast-1:577777777777:table/example_user"
```
imin

1 Answer

You should be able to do `dynamoose.model('example_user', schema, {"create": false})` to get away from the need to create a table: https://dynamoosejs.com/guide/Model/

LostJon
  • yes I'm aware there's no `dynamodb:CreateTable`, but do I really need that? Because I don't create any table in my code – imin Oct 30 '20 at 15:25
  • @imin Not an expert with `dynamoose`, but it looks like Dynamoose will create the table in your `dynamoose.model` line if the table `example_user` isn't already created. https://github.com/dynamoose/dynamoose/blob/master/lib/Model/index.ts#L75-L82 – LostJon Oct 30 '20 at 15:32
  • Thanks for your reply LostJon; I added CreateTable and now the error I got is 'Table already exists' – imin Oct 30 '20 at 18:32
  • @imin That's frustrating... definitely something w/ the `dynamoose` package. You should be able to do `dynamoose.model('example_user', schema, {"create": false})` to get away from all of this https://dynamoosejs.com/guide/Model/ – LostJon Oct 30 '20 at 19:32
  • Thanks LostJon, I actually have been to that page, but my quick reading skipped that part it seems haha. Can you post your comment above as the answer? I'll accept that then. – imin Oct 31 '20 at 04:50
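The following is an added example, not code from the thread or from Dynamoose: a pre-deploy check that compares the role statements from the question's `serverless.yml` against the actions the code will request, with and without `{"create": false}`, so the role can stay at least privilege instead of gaining `dynamodb:CreateTable`. The evaluator is simplified (Allow statements only), and `startupActions` and `missingPermissions` are hypothetical helpers that model only the `CreateTable` call shown in the error.

```javascript
// Role statements copied from the serverless.yml snippet in the question.
const roleStatements = [
  { Effect: "Allow", Action: ["s3:*"],
    Resource: ["arn:aws:s3:::profiles.example.app/*"] },
  { Effect: "Allow",
    Action: ["dynamodb:Query", "dynamodb:Scan", "dynamodb:GetItem",
             "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:DeleteItem"],
    Resource: ["arn:aws:dynamodb:ap-southeast-1:577777777777:table/example_user"] },
];

// IAM-style glob: "*" matches any run of characters, "?" exactly one.
function globMatch(pattern, value, caseInsensitive) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  const source = "^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$";
  return new RegExp(source, caseInsensitive ? "i" : "").test(value);
}

// Simplified evaluation: Allow statements only (no Deny, Condition, NotAction).
// Action names are matched case-insensitively, resource ARNs case-sensitively.
function isAllowed(statements, action, resource) {
  return statements.some((s) =>
    s.Effect === "Allow" &&
    s.Action.some((a) => globMatch(a, action, true)) &&
    s.Resource.some((r) => globMatch(r, resource, false)));
}

// Hypothetical helper (assumption): models only the CreateTable call from the
// question's error, which is skipped when the model is given create: false.
function startupActions(modelOptions) {
  return modelOptions.create === false ? [] : ["dynamodb:CreateTable"];
}

// Actions the code will request on the table that the role does not allow.
function missingPermissions(statements, modelOptions, tableArn, dataActions) {
  return [...startupActions(modelOptions), ...dataActions]
    .filter((a) => !isAllowed(statements, a, tableArn));
}

const tableArn = "arn:aws:dynamodb:ap-southeast-1:577777777777:table/example_user";
// Model as written in the question (no options) versus the accepted fix.
console.log(missingPermissions(roleStatements, {}, tableArn, ["dynamodb:GetItem"]));
console.log(missingPermissions(roleStatements, { create: false }, tableArn, ["dynamodb:GetItem"]));
```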