2
votes

I'm trying to follow this tutorial, but when I try to test the API I've created, I get the following message:

API Gateway does not have permission to assume the provided role

The API request should be posting to a DynamoDB table I've created.

I've created an IAM Role and attached the policy AmazonDynamoDBFullAccess. I've also tried attaching this policy to my administrator user.

Here is the integration request in my API:

[image: screenshot of the integration request]

Any help is much appreciated.

2
Can you please share the IAM policy you have attached to Lambda? - Vijayanath Viswanathan
I am not using a Lambda function, only API Gateway and DynamoDB. - Spencer Goff
But how do you connect DynamoDB from API gateway? - Vijayanath Viswanathan
Using an integration request with DynamoDB and its function PutItem, as specified in the tutorial linked to in my original post. - Spencer Goff
Here is a similar more recent tutorial that has more details/screenshots, particularly including a focus on IAM (Policies, Roles, etc): medium.com/@likhita507/… - cellepo

2 Answers

4
votes

Below worked for me

Go to IAM > Roles > whateverRole > Trust Relationships > Edit Trust Relationship and add apigateway under Statements

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ec2.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "apigateway.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}

Assisted by this guy https://histerr.blogspot.com/2016/06/api-gateway-does-not-have-permission-to.html?showComment=1549214559316#c3046645274286738526

2
votes

The ARN you have provided for the IAM Role is a policy. It needs to be a role. Please go to your generated role and update your ARN to that. It should look something like this *:role/AmazonDynamoDBFullAccess-201709151726
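
The two answers above name two separate causes of this error: a trust policy that does not list apigateway.amazonaws.com, and an execution-role field that holds a policy ARN instead of a role ARN. The following is an added example, not part of either answer, that checks for both offline. The account ID 123456789012, the sample documents and the function names are constructed for illustration.

```python
import re

APIGW = "apigateway.amazonaws.com"
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")

def as_list(value):
    # IAM allows a single string or a list for Statement, Service and Action
    return value if isinstance(value, list) else [value]

def trusts_apigateway(trust_policy):
    """True if an Allow statement lets the API Gateway service call sts:AssumeRole."""
    for stmt in as_list(trust_policy.get("Statement", [])):
        principal = stmt.get("Principal")
        if stmt.get("Effect") != "Allow" or not isinstance(principal, dict):
            continue
        services = as_list(principal.get("Service", []))
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if APIGW in services and "sts:assumerole" in actions:
            return True
    return False

def check_execution_role(arn, trust_policy):
    """Return a list of problems; an empty list means both checks pass."""
    problems = []
    if not ROLE_ARN_RE.match(arn):
        kind = "a policy ARN" if ":policy/" in arn else "not an IAM role ARN"
        problems.append(f"{arn} is {kind}; expected arn:aws:iam::<account>:role/<name>")
    if not trusts_apigateway(trust_policy):
        problems.append(f"trust policy does not allow {APIGW} to call sts:AssumeRole")
    return problems

# Constructed sample data: the account ID 123456789012 is a placeholder.
EC2_ONLY_TRUST = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"Service": "ec2.amazonaws.com"},
     "Action": "sts:AssumeRole"}]}
FIXED_TRUST = {"Version": "2012-10-17", "Statement": EC2_ONLY_TRUST["Statement"] + [
    {"Effect": "Allow", "Principal": {"Service": APIGW}, "Action": "sts:AssumeRole"}]}
POLICY_ARN = "arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess"
ROLE_ARN = "arn:aws:iam::123456789012:role/AmazonDynamoDBFullAccess-201709151726"

if __name__ == "__main__":
    for arn, trust in [(POLICY_ARN, EC2_ONLY_TRUST), (ROLE_ARN, FIXED_TRUST)]:
        print(arn, "->", check_execution_role(arn, trust) or "OK")
```

The check does not evaluate Condition or NotPrincipal elements, so a passing result means the service principal is listed, not that every request will be allowed.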