问题
I am trying to insert to my DynamoDB table using Cognito user Id and I am getting always "AccessDeniedException". I followed documentation and created table and policy for it as below. What is missing here. Please see the full stack information and request ID.
Table has UserId as Hashkey and id as rangekey
Policy:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:BatchWriteItem",
"dynamodb:DeleteItem",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query",
"dynamodb:UpdateItem"
],
"Resource": [
"arn:aws:dynamodb:us-east-1:1828211111:table/Table"
],
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:LeadingKeys": [
"${cognito-identity.amazonaws.com:sub}"
]
}
}
}
]
}
Code to save data:
AWS.DynamoDBhelper.Credentials.AddLogin(Helpers.Constants.KEY_LAST_USED_PROVIDER,Helpers.Settings.LoginAccessToken );
var identityId = await AWS.DynamoDBhelper.Credentials.GetIdentityIdAsync();
var client = new Amazon.DynamoDBv2.AmazonDynamoDBClient(AWS.DynamoDBhelper.Credentials, Amazon.RegionEndpoint.USEast1);
Amazon.DynamoDBv2.DataModel.DynamoDBContext context = new Amazon.DynamoDBv2.DataModel.DynamoDBContext(client);
AWS.Table table= new AWS.Table();
table.UserId = identityId;
table.id = "1";
await context.SaveAsync(table);
ex = {Amazon.DynamoDBv2.AmazonDynamoDBException: assumed-role/ _auth_MOBILEHUB/CognitoIdentityCredentials is not authorized to perform: dynamodb:DescribeTable on resource: arn:aws:dynamodb:us-east-1
Model:
[DynamoDBTable("Table")]
public class Table
{
[DynamoDBHashKey]
public string UserId { get; set; }
[DynamoDBRangeKey]
public string id { get; set; }
}