Lets say we have two aws account, account names are devo and prod. So on prod i have a dynamoDB table, which i want to access using a lambda function which is present in devo.
Now what i did is created a policy in prod which is giving full access to dynamoDB, and attached that policy to a role in prod account which makes devo as trusted account.
In devo i created a role which is having full access of lambda and also attached an inline policy which is allowing to assume the role of prod.
Also, I am able to get the data from dynamoDB using aws console through assume role in devo account.
Below is lambda function :
const AWS = require('aws-sdk');
var cred = new AWS.CredentialProviderChain();
var sts = new AWS.STS({credentials: cred, region: 'us-east-1'});
var crd2 ;
var params = {
RoleArn: "arn:aws:iam::123456789012:role/crossAccount",
RoleSessionName: "atul"
};
sts.assumeRole(params, function(err, data) {
if (err) console.log(err, err.stack); // an error occurred
else {
crd2 = data; // successful response
console.log("Role assured");
}
});
const dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10', credentials: crd2, region: 'eu-west-1', endpoint: 'https://dynamodb.eu-west-1.amazonaws.com'});
exports.handler = (event, context, callback) => {
console.log(crd2);
console.log("**** " + JSON.stringify(dynamodb));
dynamodb.getItem({
TableName: "Testing",
Key: {
"Id": {
S: "1121091591"
}
}
}, function(err, data) {
if (err) {
console.log(err, err.stack);
callback(null, {
statusCode: '500',
body: err
});
} else {
console.log(data);
callback(null, {
statusCode: '200',
body: 'Hello '
});
}
})
};
This is the error i am getting :
{
"message": "Requested resource not found",
"code": "ResourceNotFoundException",
"time": "2019-03-05T17:54:35.920Z",
"requestId": "LAN0EI8B2I6I4CVI4OUH01MI3JVV4KQNSO5AEMVJF66Q9ASUAAJG",
"statusCode": 400,
"retryable": false,
"retryDelay": 11.869537309323096
}
Thanks
