User is not authorized to perform: dynamodb:PutItem on resource

Question

I am trying to access DynamoDB from my Node app deployed on AWS ElasticBeanStalk. I am getting an error

User is not authorized to perform: dynamodb:PutItem on resource

It works perfectly fine locally, but when I deploy to the AWS it stops performing.

Answer 1

The dynamoDB access denied is generally a Policy issue. Check the IAM/Role policies that you are using. A quick check is to add

AmazonDynamoDBFullAccess 

policy in your role by going to "Permissions" tab in AWS console. If it works after that then it means you need to create a right access policy and attach it to your role.

Answer 2

Check the access key you are using to connect to DynamoDB in your Node app on AWS. This access key will belong to a user that does not have the necessary privileges in IAM. So, find the IAM user, create or update an appropriate policy and you should be good.

For Beanstalk you need to setup user policies when you publish. Check out the official docs here.

And check out the example from here too, courtesy of @Tirath Shah.

Answer 3

Granting full dynamodb access using aws managed policy AmazonDynamoDBFullAccess is not recommended and is not a best practice. Try adding your table arn in the resource key in the policy in your role policy json.

"Resource": "arn:aws:dynamodb:<region>:<account_id>:table:/dynamodb_table_name"