bignerdranch/developing-alexa-skills-solutions

4_Persistance - The response is invalid when trying to 'load madlib'

reidblomquist opened this issue · 2 comments

Getting this response even when trying to upload the ready to go solution code (after commenting :13 and uncommenting :15) and following all the config/IAM role directions found @ https://gist.github.com/unitygirl/3b0bdc0f0826fb88448cf17ac4a7293b

Cloudwatch output:

2017-02-02T22:26:28.441Z	a3d1a3a6-e996-11e6-8b0a-0190d499b1f7	{ [AccessDeniedException: User: arn:aws:sts::348938370180:assumed-role/basic_with_dynamodb/MadlibBuilder is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:348938370180:table/madlibsData]
cause: 
{ [AccessDeniedException: User: arn:aws:sts::348938370180:assumed-role/basic_with_dynamodb/MadlibBuilder is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:348938370180:table/madlibsData]
message: 'User: arn:aws:sts::348938370180:assumed-role/basic_with_dynamodb/MadlibBuilder is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1:348938370180:table/madlibsData',
code: 'AccessDeniedException',
time: Thu Feb 02 2017 22:06:41 GMT+0000 (UTC),
requestId: 'HJSHR3B5PU0QCM7T5VEDBFM613VV4KQNSO5AEMVJF66Q9ASUAAJG',
statusCode: 400,
retryable: false,
retryDelay: 0 },
isOperational: true,
code: 'AccessDeniedException',
time: Thu Feb 02 2017 22:06:41 GMT+0000 (UTC),
requestId: 'HJSHR3B5PU0QCM7T5VEDBFM613VV4KQNSO5AEMVJF66Q9ASUAAJG',
statusCode: 400,
retryable: false,
retryDelay: 0 }

I've used the AWS Policy Generator to create a new policy for this Lambda function.
It seems like the service needs additional permissions not included in the example of the tutorial.

Try this
(I've included all available permissions, but I haven't investigated further to find out which one is necessary to add)
P.S. If you're using the code of the ready to go sample make sure to apply the changes described from chapter 7 Refactoring the madlibIntent Handler onward
as the code provided works only with dynamodb-local.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1516163932331",
      "Action": [
        "dynamodb:DescribeBackup",
        "dynamodb:ListStreams",
        "dynamodb:ListBackups",
        "dynamodb:Query",
        "dynamodb:DeleteItem",
        "dynamodb:DeleteBackup",
        "dynamodb:TagResource",
        "dynamodb:DescribeTable",
        "dynamodb:CreateTable",
        "dynamodb:GetRecords",
        "dynamodb:GetShardIterator",
        "dynamodb:GetItem",
        "dynamodb:ListTagsOfResource",
        "dynamodb:DescribeContinuousBackups",
        "dynamodb:DescribeReservedCapacity",
        "dynamodb:PurchaseReservedCapacityOfferings",
        "dynamodb:DescribeTimeToLive",
        "dynamodb:BatchGetItem",
        "dynamodb:DescribeStream",
        "dynamodb:BatchWriteItem",
        "dynamodb:DeleteTable",
        "dynamodb:RestoreTableFromBackup",
        "dynamodb:DescribeLimits",
        "dynamodb:UpdateTable",
        "dynamodb:UpdateItem",
        "dynamodb:DescribeReservedCapacityOfferings",
        "dynamodb:ListTables",
        "dynamodb:UntagResource",
        "dynamodb:Scan",
        "dynamodb:PutItem",
        "dynamodb:CreateBackup"
      ],
      "Effect": "Allow",
      "Resource": "*"
    },
    {
      "Sid": "",
      "Resource": "*",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow"
    }
  ]
}
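An added example, not part of the thread or the tutorial: instead of allowing every DynamoDB action on `*`, this Node.js code reads AccessDeniedException messages like the one in the CloudWatch output above and emits a policy limited to the denied actions on the named table ARN. The function names are hypothetical and the `dynamodb:GetItem` sample line is constructed for illustration; only the `dynamodb:DescribeTable` denial comes from the issue.

```javascript
// Added example: derive a least-privilege IAM policy from AccessDenied log messages.
// Matches the wording AWS uses in the error shown in the issue.
const DENIED =
  /User: (\S+) is not authorized to perform: ([a-z0-9-]+:[A-Za-z0-9]+) on resource: (\S+)/;

// Extract principal, action and resource ARN from one log message, or null.
function parseDenial(message) {
  const m = DENIED.exec(message);
  if (!m) return null;
  // The logged error object appends "]" or "'," after the ARN; strip that debris.
  const resource = m[3].replace(/[\]'",]+$/, '');
  return { principal: m[1], action: m[2], resource };
}

// Group denied actions per resource and emit one Allow statement per ARN.
function buildPolicy(messages) {
  const byResource = new Map();
  for (const msg of messages) {
    const d = parseDenial(msg);
    if (!d) continue; // unrelated log line
    if (!byResource.has(d.resource)) byResource.set(d.resource, new Set());
    byResource.get(d.resource).add(d.action); // Set deduplicates repeated denials
  }
  return {
    Version: '2012-10-17',
    Statement: [...byResource].map(([resource, actions]) => ({
      Effect: 'Allow',
      Action: [...actions].sort(),
      Resource: resource, // the table ARN from the log, never "*"
    })),
  };
}

const ROLE = 'arn:aws:sts::348938370180:assumed-role/basic_with_dynamodb/MadlibBuilder';
const TABLE = 'arn:aws:dynamodb:us-east-1:348938370180:table/madlibsData';
const SAMPLE_LOG = [
  // From the issue's CloudWatch output (both forms in which it is logged).
  `{ [AccessDeniedException: User: ${ROLE} is not authorized to perform: dynamodb:DescribeTable on resource: ${TABLE}]`,
  `message: 'User: ${ROLE} is not authorized to perform: dynamodb:DescribeTable on resource: ${TABLE}',`,
  // Constructed line: what a later denial would look like after DescribeTable is granted.
  `message: 'User: ${ROLE} is not authorized to perform: dynamodb:GetItem on resource: ${TABLE}',`,
  'retryable: false,',
];

console.log(JSON.stringify(buildPolicy(SAMPLE_LOG), null, 2));
```

Rerun it against fresh log lines after each deploy until no new denials appear, then attach the result alongside the `logs:*` statement the function already needs.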