dynamoDB'未找到请求的资源'访问跨aws帐户

问题描述 投票:1回答:1

让我们说我们有两个aws帐户,帐户名称是devo和prod。所以在产品上我有一个dynamoDB表,我想使用存在于devo中的lambda函数访问。现在我所做的是创建了一个prod政策,它可以完全访问dynamoDB,并将该政策附加到prod账户中的role,这使得devo成为可信账户。在devo中,我创建了一个角色,它具有lambda的完全访问权限,并附加了一个内联策略,允许假设praz的role。此外,我能够使用aws控制台通过假设在devo帐户中的角色从dynamoDB获取数据。

以下是lambda功能:

const AWS = require('aws-sdk');
var cred = new AWS.CredentialProviderChain();
var sts = new AWS.STS({credentials: cred, region: 'us-east-1'});
var crd2 ;
var params = {
  RoleArn: "arn:aws:iam::123456789012:role/crossAccount", 
  RoleSessionName: "atul"
 };
 sts.assumeRole(params, function(err, data) {
   if (err) console.log(err, err.stack); // an error occurred
   else    { 
       crd2 = data;           // successful response
       console.log("Role assured");
   }
 });

const dynamodb = new AWS.DynamoDB({apiVersion: '2012-08-10', credentials: crd2, region: 'eu-west-1', endpoint: 'https://dynamodb.eu-west-1.amazonaws.com'});

exports.handler = (event, context, callback) => {
     console.log(crd2);
     console.log("**** " + JSON.stringify(dynamodb));

    dynamodb.getItem({
        TableName: "Testing",
        Key: {
            "Id": {
                S: "1121091591"
            }
        }
    }, function(err, data) {
        if (err) {
            console.log(err, err.stack);
            callback(null, {
                statusCode: '500',
                body: err
            });
        } else {
            console.log(data);
            callback(null, {
                statusCode: '200',
                body: 'Hello '
            });
        }
    })
};

这是我得到的错误:

{
    "message": "Requested resource not found",
    "code": "ResourceNotFoundException",
    "time": "2019-03-05T17:54:35.920Z",
    "requestId": "LAN0EI8B2I6I4CVI4OUH01MI3JVV4KQNSO5AEMVJF66Q9ASUAAJG",
    "statusCode": 400,
    "retryable": false,
    "retryDelay": 11.869537309323096
  }

谢谢

node.js amazon-web-services aws-lambda amazon-dynamodb amazon-iam
1个回答
0
投票

我认为您的代码是在sts调用完成之前构建dynamodb客户端,因为AWS SDK for JavaScript是异步的。我想你可以通过添加一个长睡眠命令来测试它,看看是否能让它开始工作。一旦确定问题是否存在,AWS的此页面将帮助您更改代码以使其正常工作

https://docs.aws.amazon.com/sdk-for-javascript/v2/developer-guide/calling-services-asynchronously.html

© www.soinside.com 2019 - 2024. All rights reserved.