【发布时间】:2020-12-14 08:45:36
【问题描述】:
我试图让这个 lambda 函数在插入新对象时读取数据库。函数是按照these steps设置的,我在命令行中给了access to the necessary operations。
但是,在 CloudWatch 上,它仍然返回 401 错误。这是函数:
const axios = require('axios');
const gql = require('graphql-tag');
const graphql = require('graphql');
const { print } = graphql;
const getFriendRequest = gql`
query GetFriendRequest($sender: ID!, $receiver: ID!) {
getFriendRequest(sender: $sender, receiver: $receiver) {
sender
receiver
createdAt
updatedAt
}
}
`
exports.handler = async (event, context) => {
//eslint-disable-line
const record = event.Records[0];
console.log(record);
if (record.eventName == "INSERT") {
try {
console.log('in the axios phase');
const graphqlData = await axios({
url: process.env.API_FITNESSPROJECT_GRAPHQLAPIENDPOINTOUTPUT,
method: 'post',
headers: {
'x-api-key': process.env.API_FITNESSPROJECT_GRAPHQLAPIIDOUTPUT
},
data: {
query: print(getFriendRequest),
variables: {
sender: JSON.stringify(record.dynamodb.NewImage.receiver.S),
receiver: JSON.stringify(record.dynamodb.NewImage.sender.S),
}
}
})
const body = {
graphqlData: graphqlData.data.data.getFriendRequest
}
console.log(graphqlData.data.data.getFriendRequest);
return {
statusCode: 200,
body: JSON.stringify(body),
headers: {
"Access-Control-Allow-Origin": "*",
}
}
} catch (err) {
console.log('error posting to appsync: ', err);
}
//read the friendrequest table to see if an opposing friend request appears
//if so, read the friendship table to see if a friendship between these two users appears
//if not, make a friendship
//if so, increment the friendship's hifives.
}
return Promise.resolve('Successfully processed DynamoDB record');
};
每当有人向表中插入新对象时,我都会尝试读取该表,但它会返回 401 错误。
编辑:这里是权限政策。
- 放大 lambda 执行策略
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"appsync:Create*",
"appsync:StartSchemaCreation",
"appsync:GraphQL",
"appsync:Get*",
"appsync:List*",
"appsync:Update*",
"appsync:Delete*"
],
"Resource": [
"arn:aws:appsync:us-west-2:213277979580:apis/rmzuppsajfhzlfgjehczargowa/*"
],
"Effect": "Allow"
}
]
}
- amplify-lambda-execution-policy-FriendRequest
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Resource": "arn:aws:dynamodb:us-west-2:213277979580:table/FriendRequest-rmzuppsajfhzlfgjehczargowa-apisecure/stream/2020-12-11T07:48:02.462",
"Effect": "Allow"
}
]
}
- amplify-lambda-execution-policy-Friendship
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"dynamodb:DescribeStream",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:ListStreams"
],
"Resource": "arn:aws:dynamodb:us-west-2:213277979580:table/Friendship-rmzuppsajfhzlfgjehczargowa-apisecure/stream/2020-12-11T07:48:02.535",
"Effect": "Allow"
}
]
}
- lambda 执行策略
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource": "arn:aws:logs:us-west-2:213277979580:log-group:/aws/lambda/connectFriendRequests-apisecure:log-stream:*",
"Effect": "Allow"
}
]
}
编辑 2:我尝试删除该功能并使用相同的权限重新制作它,但我仍然收到 401 错误。
【问题讨论】:
-
嘿肖恩。欢迎来到 Stackoverflow。您能否在 IAM 控制台中检查您的 Lambda 的角色,并检查它是否真的对 DynamoDB 表具有所需的权限?
-
谢谢。它有多个权限策略。我假设相关的是那个说“appsync:Create *,appsync:Get *”等的那个。它似乎有get和list操作。我将编辑帖子以包含这些政策。
标签: node.js aws-lambda amazon-dynamodb aws-amplify aws-appsync