来自Android的AWS DynamoDB访问,对表的访问被拒绝
我试图在NoSQL DynamoDB上执行CRUD操作,我最初没有在AWS Mobile Hub上将CognitoPool与我的项目集成,但我没有这样做,而是在我的项目的“raw”目录中替换了我的json文件。DB是完全公开的,无论是读还是写,但出于某种原因,我一直收到以下错误:来自Android的AWS DynamoDB访问,对表的访问被拒绝,android,amazon-web-services,Android,Amazon Web Services,我试图在NoSQL DynamoDB上执行CRUD操作,我最初没有在AWS Mobile Hub上将CognitoPool与我的项目集成,但我没有这样做,而是在我的项目的“raw”目录中替换了我的json文件。DB是完全公开的,无论是读还是写,但出于某种原因,我一直收到以下错误: com.amazonaws.AmazonServiceException: User: arn:aws:sts::1234567890:assumed-role/shoppinglist_unauth_MOBILEHU
com.amazonaws.AmazonServiceException: User: arn:aws:sts::1234567890:assumed-role/shoppinglist_unauth_MOBILEHUB_1234567890/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:1234567890:table/ShoppingLists (Service: AmazonDynamoDB; Status Code: 400; Error Code: AccessDeniedException; Request ID: BQ0HAP7PUGO6AUC04LOHUND1V3VV4KQNSO5AEMVJF66Q9ASUAAJG)
出于安全考虑,我已将所有识别号码改为1234567890
这是我的.json文件:
{
"UserAgent": "MobileHub/1.0",
"Version": "1.0",
"CredentialsProvider": {
"CognitoIdentity": {
"Default": {
"PoolId": "us-east-1******************,
"Region": "us-east-1"
}
}
},
"IdentityManager": {
"Default": {}
},
"CognitoUserPool": {
"Default": {
"PoolId": "us-east-1_*******",
"AppClientId": "5lg571jsd60ruvair8jiqpefbs",
"AppClientSecret": "bqn8edlp19gfgogfhf4j9qg1mq8u8ftpb328f652n0451gl2dnt",
"Region": "us-east-1"
}
},
"DynamoDBObjectMapper": {
"Default": {
"Region": "us-east-1"
}
},
"PinpointAnalytics": {
"Default": {
"AppId": "27e0f3ee2e63419c9dc8f18f23a294fe",
"Region": "us-east-1"
}
},
"PinpointTargeting": {
"Default": {
"Region": "us-east-1"
}
}
}
这是我的主活动类中的onCreate()方法
AWSMobileClient.getInstance().initialize(this, awsStartupResult ->
Log.d("YourMainActivity", "AWSMobileClient is instantiated and you are connected to AWS!"))
.execute();
// Instantiate a AmazonDynamoDBMapperClient
AmazonDynamoDBClient dynamoDBClient = new AmazonDynamoDBClient(AWSMobileClient.getInstance().getCredentialsProvider());
this.dynamoDBMapper = DynamoDBMapper.builder()
.dynamoDBClient(dynamoDBClient)
.awsConfiguration(AWSMobileClient.getInstance().getConfiguration())
.build();
Runnable runnable = () -> {
dbClient = new AmazonDynamoDBClient(AWSMobileClient.getInstance().getCredentialsProvider());
// Create a table reference
dbTable = Table.loadTable(dbClient, "ShoppingLists");
Document memo = new Document();
memo.put("Apple", "apple");
dbTable.putItem(memo);
};
Thread myThread = new Thread(runnable);
myThread.start();
我的build.gradle应该包含正确的依赖项,它们在这里,尽管它可能有点混乱:
implementation fileTree(include: ['*.jar'], dir: 'libs')
implementation 'com.android.support:appcompat-v7:27.1.1'
implementation 'com.android.support.constraint:constraint-layout:1.1.0'
testImplementation 'junit:junit:4.12'
androidTestImplementation 'com.android.support.test:runner:1.0.1'
androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.1'
implementation 'com.android.support:recyclerview-v7:27.1.1'
implementation ('com.amazonaws:aws-android-sdk-mobile-client:2.6.+@aar') { transitive = true }
implementation 'com.amazonaws:aws-android-sdk-core:2.6.18'
implementation 'com.amazonaws:aws-android-sdk-s3:2.6.18'
implementation 'com.amazonaws:aws-android-sdk-ddb:2.6.18'
implementation 'com.amazonaws:aws-android-sdk-ddb-mapper:2.6.18'
compile 'com.amazonaws:aws-android-sdk-core:2.6.18'
compile 'com.amazonaws:aws-android-sdk-ddb:2.6.18'
compile 'com.amazonaws:aws-android-sdk-ddb-document:2.4.4'
// Mobile Client for initializing the SDK
implementation ('com.amazonaws:aws-android-sdk-mobile-client:2.6.+@aar') { transitive = true }
// Cognito UserPools for SignIn
implementation 'com.android.support:support-v4:27.1.1'
implementation ('com.amazonaws:aws-android-sdk-auth-userpools:2.6.+@aar') { transitive = true }
// Sign in UI Library
implementation 'com.android.support:appcompat-v7:27.1.1'
implementation ('com.amazonaws:aws-android-sdk-auth-ui:2.6.+@aar') { transitive = true }
据我所知,这应该可以很好地工作,我在这里得到了另一个有用的人的帮助,使它能够连接到AWS,它在某一点上确实做到了,但我似乎无法访问该表
我想我有两个问题,有没有可能在完全没有Cognito池的情况下,让它完全不安全呢?如果没有,我该如何让它与Cognito池一起工作?cognito池应该有与之关联的用户名吗?让我试着回答你的问题 1) 没有Cognito身份池,你能做到这一点吗?答案是肯定的。这并不自动意味着它不安全-您可以使用为IAM用户设置的AWS凭据。然而,最佳实践是使用Cognito标识池,它将为您提供短期有效的临时AWS凭证 2) 创建Cognito标识池时,会自动创建两个角色(名为auth和unauth)。“auth”角色适用于有登录用户的情况(例如,使用Facebook等社交登录登录并通过身份池与AWS联合),而“unauth”角色适用于尚未登录的用户。您可以使用IAM策略微调这些角色的访问权限,以最适合应用程序的需要
请参阅本页()了解如何使其工作的具体说明。这一点加上另一个人,你们让我度过了美好的一天。这很有效,非常感谢!