Python中文网

一个关于 编程问题的解答网站.

有 Java 编程相关的问题?

你可以在下面搜索框中键入要查询的问题!

java获取AmazondynamodException:User:arn:aws:iam:User无权执行:dynamodb:ListTables

1 月,2 周 Questions & Answers

在DynamoDB配置和连接尝试时,我遇到了AmazonDynamoDBException。 配置代码如下所示:

@AllArgsConstructor
@Configuration
public class AWSDynamoDBConfig {

    private final String accessKey;
    private final String secretKey;
    private final String roleArn;

    public AWSDynamoDBConfig() throws IOException {
        Properties properties = readProperties("common", "aws.properties");
        accessKey = properties.getProperty("aws.accessKey");
        secretKey = properties.getProperty("aws.secretKey");
        roleArn = properties.getProperty("aws.roleArn");
    }

    public AssumeRoleRequest roleRequest() {
        return new AssumeRoleRequest().withRoleArn(roleArn);
    }

    @Bean
    public AmazonDynamoDB amazonDynamoDB() {
        return AmazonDynamoDBClientBuilder
                .standard()
                .withRegion(Regions.EU_WEST_1)
                .withCredentials(amazonAWSCredentialProvider())
                .build();
    }

    @Bean
    public AWSCredentials amazonAWSCredential() {
        return new BasicAWSCredentials(accessKey, secretKey);
    }

    @Bean
    public DynamoDBMapperConfig dynamoDBMapperConfig() {
        return DynamoDBMapperConfig.DEFAULT;
    }

    @Bean
    public DynamoDBMapper dynamoDBMapper(AmazonDynamoDB amazonDynamoDB, DynamoDBMapperConfig config) {
        return new DynamoDBMapper(amazonDynamoDB, config);
    }

    @Bean
    public DynamoDB dynamoDB() {
        return new DynamoDB(amazonDynamoDB());
    }

    public AWSCredentialsProvider amazonAWSCredentialProvider() {
        return new AWSStaticCredentialsProvider(amazonAWSCredential());
    }

}

方法调用listTables时产生错误

public void listMyTables() {
        TableCollection<ListTablesResult> tables = awsDynamoDBConfig.dynamoDB().listTables();
        Iterator<Table> iterator = tables.iterator();

        log.info("Listing tables from DynamoDB instance");
        while (iterator.hasNext()) {
            Table table = iterator.next();
            log.info("Table name: " + table.getTableName());
        }
    }

com.amazonaws.services.dynamodbv2.model.AmazonDynamoDBException: User: arn:aws:iam::number:user/machine-USER is not authorized to perform: dynamodb:ListTables on resource: arn:aws:dynamodb:eu-west-1:number:table/* (Service: AmazonDynamoDBv2; Status Code: 400; Error Code: AccessDeniedException; Request ID: ID-Number)

据我所知,我在AmazonDynamoDB对象中缺少了roleArn,因此我想添加它。 到目前为止,我已经找到了一个主题click,但上面的解决方案使用了不推荐的对象AWSSecurityTokenServiceClient,毕竟,我会使用新对象AmazonDynamoDB,但我没有找到如何使它成为现实
对于如何将缺少的arnRole添加到AmazonDynamoDB对象以完成配置步骤并建立连接的建议,我将不胜感激


共 (1) 个答案

  1. # 1 楼答案

    您需要在运行此代码的角色上设置IAM策略或内联策略。不确定它是lambda还是在容器中,或者其他什么东西,不管怎样,您的策略都需要如下所示:

    {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:ListTables"
            ],
            "Resource": [
                "arn:aws:dynamodb:eu-west-1:number:table/*"
            ]
        }
    ]
}