Warning: file_get_contents(/data/phpspider/zhask/data//catemap/8/variables/2.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Amazon web services UpdateItem-拒绝访问_Amazon Web Services_Amazon Dynamodb_Amazon Iam_Aws Mobilehub - Fatal编程技术网
Fatal编程技术网

Amazon web services UpdateItem-拒绝访问

amazon-web-services amazon-dynamodb

Amazon web services UpdateItem-拒绝访问,amazon-web-services,amazon-dynamodb,amazon-iam,aws-mobilehub,Amazon Web Services,Amazon Dynamodb,Amazon Iam,Aws Mobilehub,编辑: 我将leadingkey从userId更新为sub,根据AWS文档,它应该与登录用户ie${cognito identity.amazonaws.com:sub}中的userId匹配,但仍然不起作用 我通过MobileHub设置了一个DynamoDB表,直到今天我删除了我的Cognito池并创建了一个新的Cognito池,我才能够将项目放在上面。这张桌子的分数很高。UserDetails表不受影响 我能够进行身份验证并获取需要“auth”访问的资源,但由于某些原因,在尝试PutItem时

编辑:

我将leadingkey从userId更新为sub,根据AWS文档,它应该与登录用户ie
${cognito identity.amazonaws.com:sub}
中的userId匹配,但仍然不起作用

我通过MobileHub设置了一个DynamoDB表,直到今天我删除了我的Cognito池并创建了一个新的Cognito池,我才能够将项目放在上面。这张桌子的分数很高。UserDetails表不受影响

我能够进行身份验证并获取需要“auth”访问的资源,但由于某些原因,在尝试PutItem时,访问被拒绝

错误是:

错误域=com.amazonaws.awsservicerrordomain代码=6“(空)” UserInfo={uuuu type=com.amazon.coral.service#AccessDeniedException, 消息=用户: arn:aws:sts::123456789012:假定角色/appName\u auth\u MOBILEHUB\u AppId/CognitoIdentityCredentials 未被授权在资源上执行:dynamodb:UpdateItem: arn:aws:dynamodb:us-west-1:123456789012:table/appName mobilehub appId HighScore}

以下是我的IAM政策:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchGetItem",
                "dynamodb:DescribeTable",
                "dynamodb:GetItem",
                "dynamodb:ListTables",
                "dynamodb:Query",
                "dynamodb:Scan"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-west-1:123456789012:table/appName-mobilehub-appId-HighScore",
                "arn:aws:dynamodb:us-west-1:123456789012:table/appName-mobilehub-appId-UserDetails"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:BatchWriteItem",
                "dynamodb:DeleteItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": [
                "arn:aws:dynamodb:us-west-1:123456789012:table/appName-mobilehub-appId-HighScore",
                "arn:aws:dynamodb:us-west-1:123456789012:table/appName-mobilehub-appId-UserDetails"
            ],
            "Condition": {
                "ForAllValues:StringEquals": {
                    "dynamodb:LeadingKeys": [
                        "${cognito-identity.amazonaws.com:sub}"
                    ]
                }
            }
        }
    ]
}
这里似乎有一个细粒度访问控制的错误,因为删除条件语句(即使在更改它以使其与表的键匹配之后)解决了这个问题。

这个问题解决了吗?