Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Lambda and DynamoDB : is not authorized to perform: dynamodb:Scan

I've created my API with serverless, after I deployed my API into lambda, and we I try to test the endpoint via the "Test" button in the GatewayAPI, I get the error:

"User: arn:aws:sts::245912153055:assumed-role/pets-service-dev-us-east-1-lambdaRole/pets-service-dev-listPets is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:245912153055:table/Pets"

I should probably need to give the permission to Lambda, but I'm a little bit lost ...

like image 575
GuillaumeC Avatar asked Mar 04 '17 23:03

GuillaumeC


1 Answers

As already stated, you need to add the permissions to your serverless definition.

The docs are quite extensive on this topic: serverless IAM guide

In you case, you probably just need to add something like the following permission to your serverless.yml.

provider:
  iamRoleStatements:
    -  Effect: "Allow"
       Action:
         - "dynamodb:Scan"
       Resource: "arn:aws:dynamodb:us-east-1:245912153055:table/Pets"
like image 122
jens walter Avatar answered Sep 20 '22 21:09

jens walter