Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Error when testing Lambda function - access to DynamoDB denied

See original GitHub issue

Hi. Wondering if anyone can help me with this. I’ve set up my DynamoDB table, IAM role & lambda function as per module 3, but when I am testing, i’m getting an error: AccessDeniedException: User: arn:aws:sts::515605477066:assumed-role/WildRydesLambda/RequestUnicorn is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:eu-west-2:515605477066:table/Rides

The test action i’m using is as follows:

{
    "path": "/ride",
    "httpMethod": "POST",
    "headers": {
        "Accept": "*/*",
        "Authorization": "eyJraWQiOiJLTzRVMWZs",
        "content-type": "application/json; charset=UTF-8"
    },
    "queryStringParameters": null,
    "pathParameters": null,
    "requestContext": {
        "authorizer": {
            "claims": {
                "cognito:username": "the_username"
            }
        }
    },
    "body": "{\"PickupLocation\":{\"Latitude\":47.6174755835663,\"Longitude\":-122.28837066650185}}"
}

I have some questions about this, the Authorization header and cognito:username fields, should these be set to anything in particular? I’m just leaving it as it is, is this some special setup for testing that will work for everybody or do i have to change it to a particular value for my instance?

Log output from the failing test:

START RequestId: 01a2a113-93dd-11e7-83e5-19f3f6eea54c Version: $LATEST
2017-09-07T14:58:29.181Z	01a2a113-93dd-11e7-83e5-19f3f6eea54c	Received event ( 8b5EQSyDkCFGp9ILZFk2wg ):  { path: '/ride',
  httpMethod: 'POST',
  headers: 
   { Accept: '*/*',
     Authorization: 'eyJraWQiOiJLTzRVMWZs',
     'content-type': 'application/json; charset=UTF-8' },
  queryStringParameters: null,
  pathParameters: null,
  requestContext: { authorizer: { claims: [Object] } },
  body: '{"PickupLocation":{"Latitude":47.6174755835663,"Longitude":-122.28837066650185}}' }
2017-09-07T14:58:29.252Z	01a2a113-93dd-11e7-83e5-19f3f6eea54c	Finding unicorn for  47.6174755835663 ,  -122.28837066650185
2017-09-07T14:58:30.312Z	01a2a113-93dd-11e7-83e5-19f3f6eea54c	{ AccessDeniedException: User: arn:aws:sts::515605477066:assumed-role/WildRydesLambda/RequestUnicorn is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:eu-west-2:515605477066:table/Rides
    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
  message: 'User: arn:aws:sts::515605477066:assumed-role/WildRydesLambda/RequestUnicorn is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:eu-west-2:515605477066:table/Rides',
  code: 'AccessDeniedException',
  time: 2017-09-07T14:58:30.274Z,
  requestId: 'L82F6F37UM162SMU2K80ILNC8VVV4KQNSO5AEMVJF66Q9ASUAAJG',
  statusCode: 400,
  retryable: false,
  retryDelay: 1.7480077488618573 }
END RequestId: 01a2a113-93dd-11e7-83e5-19f3f6eea54c
REPORT RequestId: 01a2a113-93dd-11e7-83e5-19f3f6eea54c	Duration: 1213.33 ms	Billed Duration: 1300 ms 	Memory Size: 128 MB	Max Memory Used: 37 MB

Cheers!

Issue Analytics

State:
Created 6 years ago
Reactions:1
Comments:6 (2 by maintainers)

Top GitHub Comments

2reactions

robeastwoodcommented, Sep 11, 2017

Found it. https://github.com/awslabs/aws-serverless-workshops/blob/master/WebApplication/3_ServerlessBackend/requestUnicorn.js#L89 So the DynamoDB table is supposed to be Rides, not Rydes as I created.

Cheers for the help!

1reaction

jpignatacommented, Sep 11, 2017

Skimming this on my phone, it looks like there’s a typo in the ARN of the DynamoDB table: Rydes vs. Rides. Please check the name of the table and reconcile this and let me know if that gets you unstuck.

On Fri, Sep 8, 2017 at 2:09 PM, Rob Eastwood notifications@github.com wrote:

Sure, the role it’s set to use is this one: [image: image] https://user-images.githubusercontent.com/2145180/30225028-e2baa828-94c8-11e7-9ec9-15c19d3f9ee7.png

The policygen-WildRydesLambda-201709071043 inline policy is set to:
"Version": "2012-10-17",
"Statement": [
    {
        "Sid": "Stmt1504777341000",
        "Effect": "Allow",
        "Action": [
            "dynamodb:PutItem"
        ],
        "Resource": [
            "arn:aws:dynamodb:eu-west-2:515605477066:table/Rydes"
        ]
    }
]
}```

thanks

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/awslabs/aws-serverless-workshops/issues/41#issuecomment-328175409, or mute the thread https://github.com/notifications/unsubscribe-auth/AABNPz29Tqa2i13vHV-Pv-5HBTEXWaLLks5sgYLZgaJpZM4PP8_r .