Padraig
01/24/2022, 11:38 PMAccessDeniedException: User: arn:aws:sts::784381721788:assumed-role/prod-hulacorn-api-ApiLambdaPUTvotesidServiceRoleA3-GZY178NMJ59Y/prod-hulacorn-api-ApiLambdaPUTvotesid95CB421A-bePQRQW1c2iD is not authorized to perform: dynamodb:UpdateItem on resource: arn:aws:dynamodb:us-east-1:784381721788:table/Podge-hulacorn-Problems
Im not using any authentication setup(cognito)
I'm using as per the guide
this.api.attachPermissions([table]);
anyone got any ideas what might cause this discrepancy?Omi Chowdhury
01/24/2022, 11:45 PMOmi Chowdhury
01/24/2022, 11:50 PMnew Function(this, 'myFunc', {
handler: `blah.handler`,
permissions: [dynamodbTable, 'grantReadWriteData'],
});
Derek Kershner
01/24/2022, 11:51 PMOmi Chowdhury
01/24/2022, 11:52 PMDerek Kershner
01/24/2022, 11:52 PMOmi Chowdhury
01/24/2022, 11:53 PMDerek Kershner
01/24/2022, 11:54 PMthis.api.attachPermissions([table, "grantReadWriteData"]);
Frank
package.josn
.Padraig
01/25/2022, 9:38 AMPadraig
01/25/2022, 9:39 AMPadraig
01/25/2022, 11:13 AMDerek Kershner
01/25/2022, 3:38 PMUpdateItem
Omi Chowdhury
01/25/2022, 3:45 PMPadraig
01/25/2022, 6:53 PMimport * as sst from "@serverless-stack/resources";
import { CorsHttpMethod } from "@aws-cdk/aws-apigatewayv2";
export default class ApiStack extends sst.Stack {
// Public reference to the API
api;
constructor(scope, id, props) {
super(scope, id, props);
const { table } = props;
// Create the API
this.api = new sst.Api(this, "Api", {
customDomain: scope.stage === "prod" ? "<http://api.votes.hulacorn.com|api.votes.hulacorn.com>" : undefined,
defaultAuthorizationType: sst.ApiAuthorizationType.NONE,
defaultFunctionProps: {
environment: {
TABLE_NAME: table.tableName,
},
},
cors: {
allowHeaders: ['*'],
allowOrigins: ['*'],
allowMethods: [CorsHttpMethod.PUT,CorsHttpMethod.GET,<http://CorsHttpMethod.POST|CorsHttpMethod.POST>, CorsHttpMethod.PATCH, CorsHttpMethod.DELETE, CorsHttpMethod.OPTIONS],
},
routes: {
"PUT /votes/{id}": "src/vote.update",
},
});
this.api.attachPermissions([table]);
// Show the API endpoint in the output
this.addOutputs({
ApiEndpoint: this.api.customDomainUrl || this.api.url,
});
}
}
Padraig
01/25/2022, 6:53 PMimport ApiStack from "./ApiStack";
import FrontendStack from "./FrontendStack";
import StorageStack from "./StorageStack";
export default function main(app) {
// Set default runtime for all functions
const storageStack = new StorageStack(app, "storage");
app.setDefaultFunctionProps({
runtime: "nodejs12.x"
});
// n//ew MyStack(app, "my-stack");
const apiStack = new ApiStack(app, "api", {
table: storageStack.table,
});
// Add more stacks
new FrontendStack(app, "frontend", {
bucket: storageStack.bucket,
api: apiStack.api,
});
Padraig
01/25/2022, 6:54 PM{
"name": "hulacorn",
"version": "0.1.0",
"private": true,
"scripts": {
"test": "sst test",
"start": "sst start",
"build": "sst build",
"deploy": "sst deploy",
"remove": "sst remove"
},
"eslintConfig": {
"extends": [
"serverless-stack"
]
},
"devDependencies": {
"@aws-cdk/assert": "1.138.0"
},
"dependencies": {
"@aws-cdk/core": "1.138.0",
"@serverless-stack/cli": "0.57.2",
"@serverless-stack/resources": "0.57.2",
"aws-amplify": "^4.3.12",
"winston": "^3.4.0",
"winston-cloudwatch": "^3.1.1"
}
}
Padraig
01/25/2022, 6:54 PMFrank
sst build
and share the template.json file inside .build/cdk.out
?Padraig
01/25/2022, 7:24 PMPadraig
01/25/2022, 7:31 PMPadraig
01/25/2022, 7:31 PMDerek Kershner
01/25/2022, 7:34 PMFrank
sst start
works, it should work for sst deploy
b/c they use the same IAM role.Frank
Podge-hulacorn-storage
stack > look up ExportsOutputFnGetAttProblemsTableE6664882Arn5B6AF7A2
under the Outputs tab.Padraig
01/25/2022, 8:00 PMPadraig
01/25/2022, 8:01 PMPadraig
01/25/2022, 8:09 PMJay
Padraig
02/06/2022, 9:56 PMPadraig
02/06/2022, 9:56 PMPadraig
02/06/2022, 9:57 PMPadraig
02/06/2022, 9:57 PMJay
Padraig
02/07/2022, 9:46 PMPadraig
02/07/2022, 9:46 PMPadraig
02/07/2022, 9:47 PMPadraig
02/07/2022, 9:47 PMJay