I am getting these errors on a write to AWS Dynamo from a lambda function. I think it is something about how I have the roles linked.
message: 'User: arn:aws:sts::086883031465:assumed-role/lambda_basic_execution/awslambda_865_20160718210221776 is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings', code: 'AccessDeniedException', time: Mon Jul 18 2016 21:03:43 GMT+0000 (UTC), requestId: 'G0VU59A8FOA4NI0EMJSI6A50DRVV4KQNSO5AEMVJF66Q9ASUAAJG', statusCode: 400, retryable: false, retryDelay: 0 }
Here is my configuration:

Lambda
  Runtime - Node.js 4.3
  Handler - index.handler
  Role - Use an existing role
  Existing Role - lambda_basic_execution

IAM
  Role (created by me) - lambda_basic_execution
  Policy attached to role - Accesstodynamo
  Inline policies -
    oneClick_lambda_basic_execution_1467010842260
    oneClick_lambda_basic_execution_1467695976683

Accesstodynamo policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/*",
      "Effect": "Allow"
    },
    {
      "Action": [
        "dynamodb:PutItem"
      ],
      "Resource": [
        "arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:AddPermission",
        "lambda:CreateFunction",
        "lambda:DeleteFunction",
        "lambda:GetFunction",
        "lambda:UpdateFunctionCode",
        "lambda:UpdateFunctionConfiguration",
        "events:DeleteRule",
        "events:DisableRule",
        "events:EnableRule",
        "events:PutEvents",
        "events:PutRule",
        "events:PutTargets",
        "events:RemoveTargets",
        "events:ListTargetsByRule",
        "s3:GetObject",
        "iam:PassRole"
      ],
      "Resource": "*",
      "Effect": "Allow"
    }
  ]
}
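
The denial in the error message can be reproduced offline by matching the denied action and resource against each Allow statement of the posted Accesstodynamo policy. This is an added example, not part of the original post; `explain`, `isAllowed` and `globToRegExp` are hypothetical helpers, and the check assumes no Deny, NotAction/NotResource or Condition elements and ignores the two inline policies, whose contents the post does not show.

```javascript
// Added example: simplified IAM check covering Allow statements only.
// Assumption: no Deny, NotAction/NotResource or Condition; other policies on the role ignored.
// The denied call, copied from the error message in the post.
const deniedRequest = {
  action: "dynamodb:PutItem",
  resource: "arn:aws:dynamodb:us-west-2:086883031465:table/DeviceReadings",
};
// The Accesstodynamo policy as posted (action lists compacted onto fewer lines).
const accessToDynamo = {
  Version: "2012-10-17",
  Statement: [
    { Effect: "Allow", Resource: "arn:aws:logs:*:*:log-group:/aws/lambda/*",
      Action: ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"] },
    { Effect: "Allow", Resource: ["arn:aws:dynamodb:*:*:table/EC2Scheduler-OptIn"],
      Action: ["dynamodb:PutItem"] },
    { Effect: "Allow", Resource: "*",
      Action: ["lambda:AddPermission", "lambda:CreateFunction", "lambda:DeleteFunction",
        "lambda:GetFunction", "lambda:UpdateFunctionCode", "lambda:UpdateFunctionConfiguration",
        "events:DeleteRule", "events:DisableRule", "events:EnableRule", "events:PutEvents",
        "events:PutRule", "events:PutTargets", "events:RemoveTargets",
        "events:ListTargetsByRule", "s3:GetObject", "iam:PassRole"] },
  ],
};

const asArray = (v) => (Array.isArray(v) ? v : [v]);

// Convert an IAM pattern (* = any run of characters, ? = one character) to an anchored RegExp.
function globToRegExp(pattern, flags) {
  const escaped = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&");
  return new RegExp("^" + escaped.replace(/\*/g, ".*").replace(/\?/g, ".") + "$", flags);
}

// Per statement: does the action match, does the resource match, and does it allow the call?
function explain(policy, request) {
  return asArray(policy.Statement).map((stmt, index) => {
    // Action names are matched case-insensitively, resource ARNs case-sensitively.
    const actionMatch = asArray(stmt.Action).some((a) => globToRegExp(a, "i").test(request.action));
    const resourceMatch = asArray(stmt.Resource).some((r) => globToRegExp(r, "").test(request.resource));
    return { index, actionMatch, resourceMatch,
      allows: stmt.Effect === "Allow" && actionMatch && resourceMatch };
  });
}

const isAllowed = (policy, request) => explain(policy, request).some((s) => s.allows);

console.table(explain(accessToDynamo, deniedRequest));
console.log("allowed by Accesstodynamo:", isAllowed(accessToDynamo, deniedRequest));
```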