I am getting this error when I am trying to trigger:
There was an error creating the trigger: Cannot access stream arn:aws:dynamodb:us-east-2:xxxxxx:table/xxxx/stream/2017-09-18T07:47:01.834. Please ensure the role can perform the GetRecords, GetShardIterator, DescribeStream, and ListStreams Actions on your stream in IAM.
Please help me.
You can use an AWS Lambda function to process records in an Amazon DynamoDB stream. With DynamoDB Streams, you can trigger a Lambda function to perform additional work each time a DynamoDB table is updated.
If you enable DynamoDB Streams on a table, you can associate the stream Amazon Resource Name (ARN) with an AWS Lambda function that you write. All mutation actions to that DynamoDB table can then be captured as an item on the stream.
When attaching a trigger to a DynamoDB table, you will get the error as posted by OP.
You need to add a policy to the IAM role generated for that Lambda function.
Here is sample JSON you can use to create the policy, just replace the lambda function and stream ARNs.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "lambda:InvokeFunction",
            "Resource": "arn:aws:lambda:region:accountnumber:function:functionname"
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeStream",
                "dynamodb:GetRecords",
                "dynamodb:GetShardIterator",
                "dynamodb:ListStreams"
            ],
            "Resource": "arn:aws:dynamodb:region:accountnumber:table/table-name/stream/2019-02-27T07:41:49.893"
        }
    ]
}
Once you create the policy and attach it to the role, you can then go back to DynamoDB and create a new trigger with the lambda function. If done correctly, it will create without errors.
Seems like you only need to create this role with policy AWSLambdaDynamoDBExecutionRole and attach to your lambda. You probably don't want full access as this is a read action.
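Added example, not part of the answers above: an offline check that reports which of the four stream actions named in the error message a policy document fails to allow on a given stream ARN. It is a simplified matcher (Allow/Deny with `*` and `?` wildcards only, not full IAM evaluation); the account id and table name are constructed, and the helper names are hypothetical.

```python
import re

# Actions named in the console error message from the question.
REQUIRED = ["dynamodb:DescribeStream", "dynamodb:GetRecords",
            "dynamodb:GetShardIterator", "dynamodb:ListStreams"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def missing_stream_actions(policy, stream_arn):
    """Return the required actions that policy does not allow on stream_arn."""
    allowed, denied = set(), set()
    for stmt in _as_list(policy["Statement"]):
        # Assumption: these elements are out of scope, so refuse rather than guess.
        if stmt.keys() & {"NotAction", "NotResource", "Condition"}:
            raise ValueError("statement element not modelled by this check")
        for action in REQUIRED:
            # Action names compare case-insensitively; ARNs are matched exactly.
            if (any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"]))
                    and any(_wild(r, stream_arn) for r in _as_list(stmt["Resource"]))):
                (allowed if stmt["Effect"] == "Allow" else denied).add(action)
    return [a for a in REQUIRED if a not in allowed or a in denied]

def _policy(actions, resource):
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": actions, "Resource": resource}]}

# Constructed sample values: account id and table name are made up,
# the stream labels reuse the two timestamps shown on this page.
TABLE = "arn:aws:dynamodb:us-east-2:123456789012:table/orders"
CURRENT_STREAM = TABLE + "/stream/2019-02-27T07:41:49.893"
OTHER_STREAM = TABLE + "/stream/2017-09-18T07:47:01.834"

PINNED = _policy(REQUIRED, OTHER_STREAM)        # scoped to a different stream label
PARTIAL = _policy(["dynamodb:GetRecords", "dynamodb:GetShardIterator"], CURRENT_STREAM)
SCOPED = _policy(REQUIRED, TABLE + "/stream/*")  # any stream of this one table

if __name__ == "__main__":
    for name, pol in [("pinned", PINNED), ("partial", PARTIAL), ("scoped", SCOPED)]:
        print(name, missing_stream_actions(pol, CURRENT_STREAM))
```

A policy whose Resource names a different stream label than the one the trigger uses fails the same way as a policy with no stream permissions at all, which is why the ARN in the sample JSON has to be replaced with the table's actual stream ARN.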