无法访问 DynamoDB 表

Question

我正在关注此tutorial 并按照说明设置了 DynamoDB 表和权限，但应用程序崩溃时说：

CognitoIdentityCredentials 无权执行：dynamodb:UpdateItem on resource:arn:aws:dynamodb:us-east-1:some_number:table/Books”（我尝试访问的表位于 us-west-2 )。

请在下面找到代码和错误：

代码：

setContentView(R.layout.activity_main);
Runnable runnable = new Runnable() {
    public void run() {
        //DynamoDB calls go here
        CognitoCachingCredentialsProvider credentialsProvider=new CognitoCachingCredentialsProvider(getApplicationContext(),"us-west-2:some_num", Regions.US_WEST_2);
        AmazonDynamoDBClient ddbClient = new AmazonDynamoDBClient(credentialsProvider);
        DynamoDBMapper mapper = new DynamoDBMapper(ddbClient);
        Book book = new Book();
        book.setTitle("Great Expectations");
        book.setAuthor("Charles Dickens");
        book.setPrice(1299);
        book.setIsbn("12345678901");
        book.setHardCover(false);
        mapper.save(book);
        Toast.makeText(MainActivity.this,String.valueOf(mapper), Toast.LENGTH_LONG).show();
    }
};
Thread mythread = new Thread(runnable);
mythread.start();

错误：

E/AndroidRuntime: FATAL EXCEPTION: Thread-9530
Process: com.example.imb_bng_04.dynamodb, PID: 30264
com.amazonaws.AmazonServiceException: User: arn:aws:sts::some_number:assumed-role/Cognito_sampleapp2Unauth_Role/CognitoIdentityCredentials is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:some-number:table/Books (Service: AmazonDynamoDB;
Status Code: 400; Error Code: AccessDeniedException; Request ID: NMSNFJB24D6G3MO8RL6H624FA)
at com.amazonaws.http.AmazonHttpClient.handleErrorResponse(AmazonHttpClient.java:712)
at com.amazonaws.http.AmazonHttpClient.executeHelper(AmazonHttpClient.java:388)
at com.amazonaws.http.AmazonHttpClient.execute(AmazonHttpClient.java:199)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.invoke(AmazonDynamoDBClient.java:4181)
at com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient.updateItem(AmazonDynamoDBClient.java:1582)
at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper$SaveObjectHandler.doUpdateItem(DynamoDBMapper.java:1173)
at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper$2.executeLowLevelRequest(DynamoDBMapper.java:873)
at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper$SaveObjectHandler.execute(DynamoDBMapper.java:1056)
at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.save(DynamoDBMapper.java:904)
at com.amazonaws.mobileconnectors.dynamodbv2.dynamodbmapper.DynamoDBMapper.save(DynamoDBMapper.java:688)
at com.example.imb_bng_04.dynamodb.MainActivity$1$override.run(MainActivity.java:32)
at com.example.imb_bng_04.dynamodb.MainActivity$1$override.access$dispatch(MainActivity.java)
at com.example.imb_bng_04.dynamodb.MainActivity$1.run(MainActivity.java:0)
at java.lang.Thread.run(Thread.java:818)
01-27 18:10:16.004 1430-4135/? E/ActivityManager: Invalid thumbnail dimensions: 0x0

对此的任何帮助将不胜感激。

Answer 1

您可能没有创建策略，在 AWS 上，除非有人另有定义，否则任何操作都是被禁止的。

转到“IAM”（将 URL 更改为您所在的地区 - https://console.aws.amazon.com/iam/home?region=us-east-1）

在左侧菜单中单击“策略”，然后单击“创建策略”并选择“创建您自己的策略”

在策略名称和描述处写下你想要的，并在策略文档中插入：

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:*"
            ],
            "Resource": [
                "arn:aws:dynamodb:*:table/YOUR_TABLE_NAME"
            ]
        }
    ]
}

现在转到用户： https://console.aws.amazon.com/iam/home?region=us-east-1#/users/

选择您为其创建凭据的用户，单击“权限”选项卡并单击“添加权限”，然后单击“直接附加现有策略”

选择您创建的策略并重试

Answer 2

我遵循相同的教程并遇到了同样的问题。最后，AWS 论坛上有人指出，本教程假设您在制作 AmazonDynamoDB 客户端对象时位于 US-East1 地区。

我必须对教程代码进行以下调整才能使其正常工作（根据您所在的地区进行调整）：

            AmazonDynamoDBClient ddbClient = Region.getRegion(Regions.US_WEST_1) // CRUCIAL
            .createClient(
                    AmazonDynamoDBClient.class,
                    credentialsProvider,
                    new ClientConfiguration()
            );