AWS DynamoDB Problem: The user is not allowed to execute: dynamodb: PutItem on the resource

Question

AWS DynamoDB Problem: The user is not allowed to execute: dynamodb: PutItem on the resource

I am trying to access DynamoDB from my Node application deployed on AWS ElasticBeanStalk. I get the error message "User is not authorized to execute: dynamodb: PutItem on resource"

It works fine locally, only when I deploy AWS does it stop running.

Does anyone know a fix? Thanks in advance!

+14

node.js amazon-web-services amazon-dynamodb aws-sdk aws-cli

Tirath shah Jan 14 '16 at 8:31

source share

3 answers

Abhimanu kumar · Answer 1 · 2017-01-11T00:25:55+0000

Denied access to dynamoDB is usually a policy issue. Check the IAM / Role policies that you use. A quick check is to add

AmazonDynamoDBFullAccess

in your role by going to the Permissions tab in the AWS console. If after that it works, then you need to create the correct access policy and attach it to your role.

smcstewart · Answer 2 · 2016-01-14T15:27:33+0000

Check the passkey that you use to connect to DynamoDB in your Node application on AWS. This access key will belong to a user who does not have the necessary privileges in IAM. So, find the IAM user, create or update the appropriate policy, and you should be fine.

For Beanstalk, you need to configure user rules when publishing. Check out the white papers here .

And look at an example from here too , kindly provided by @ Tirat Shah.

Adiii · Answer 3 · 2019-01-04T14:49:09+0000

The answer has already been given, but it is best practice to use the policy for your user or AWS role.

Get an object only from a specific table

 { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "dynamodb:DescribeTable", "dynamodb:GetItem" ], "Resource": "arn:aws:dynamodb:us-west-2:<account_number>:table/dev-panels" } ] }

Check

 aws dynamodb describe-table --table-name dev-panels

Put object

  { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": [ "dynamodb:DescribeTable", "dynamodb:PutItem" ], "Resource": "arn:aws:dynamodb:us-west-2:<account_number>:table/dev-panels" } ] }

Allow all actions on one table.

 { "Version": "2012-10-17", "Statement": [ { "Sid": "AllAPIActionsOnBooks", "Effect": "Allow", "Action": "dynamodb:*", "Resource": "arn:aws:dynamodb:us-west-2:123456789012:table/<youtable_name>" } ] }

To check a role or user

 aws dynamodb put-item --table-name dev-panels --item file://user.json --return-consumed-capacity TOTAL

user.json

  { "Name": {"S": "adiii"}, }

AWS DynamoDB Problem: The user is not allowed to execute: dynamodb: PutItem on the resource

More articles: