InvalidParameterValueException: Cannot access stream


【Title】: InvalidParameterValueException: Cannot access stream 【Posted】: 2021-12-29 03:44:05 【Question】:

I am trying to create a DynamoDB table and a Lambda trigger using Terraform. This is how I define the table, the role policy and the Lambda trigger:

resource "aws_dynamodb_table" "filenames" {
  name             = local.dynamodb_table_filenames
  billing_mode     = "PROVISIONED"
  read_capacity    = 1000
  write_capacity   = 1000
  hash_key         = "filename"
  stream_enabled   = true
  stream_view_type = "NEW_IMAGE"

  #range_key      = ""

  attribute {
    name = "filename"
    type = "S"
  }

  tags = var.tags
}

resource "aws_iam_role_policy" "dynamodb_policy" {
  policy = jsonencode(
  {
    Version: "2012-10-17",
    Statement: [
      {
        Action: [
          "dynamodb:GetItem",
          "dynamodb:PutItem",
          "dynamodb:UpdateItem",
          "dynamodb:Query",
          "dynamodb:GetRecords",
          "dynamodb:GetShardIterator",
          "dynamodb:DescribeStream",
          "dynamodb:ListShards",
          "dynamodb:ListStreams",
        ],
        Effect: "Allow",
        Resource: aws_dynamodb_table.filenames.arn
      }
    ]
  }
  )
  role = aws_iam_role.processing_lambda_role.id
}

resource "aws_lambda_event_source_mapping" "allow_dynamodb_table_to_trigger_lambda" {
  event_source_arn  = aws_dynamodb_table.filenames.stream_arn
  function_name     = aws_lambda_function.trigger_stepfunction_lambda.arn
  starting_position = "LATEST"
}

Even though I have added the relevant policy to the role, I still get this error:

error creating Lambda Event Source Mapping (arn:aws:dynamodb:eu-central-12:table/tablename/stream): InvalidParameterValueException: Cannot access stream arn:aws:dynamodb:eu-central-1:299093934558:table/4tablename/stream. Please ensure the role can perform the GetRecords, GetShardIterator, DescribeStream, ListShards, and ListStreams Actions on your stream in IAM.

How can I fix this?


【Answer 1】:

Stream actions apply to the stream, not to the table. A stream's ARN has the form:

arn:${Partition}:dynamodb:${Region}:${Account}:table/${TableName}/stream/${StreamLabel}

So you should use (or something equivalent):

Resource: "${aws_dynamodb_table.filenames.arn}/stream/*"

Or, more generally:

Resource: "${aws_dynamodb_table.filenames.arn}/*"
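The resource matching behind this error can be checked before deploying. The following is an added example, not part of the original question or answer: a simplified model of IAM wildcard matching that reports which (action, ARN) pairs a policy fails to allow. The account id, table name and stream label are constructed placeholders, and it assumes the role still needs the four table actions from the question on the table itself.

```python
import re

# Constructed sample ARNs (placeholder account id, table name and stream label).
TABLE_ARN = "arn:aws:dynamodb:eu-central-1:123456789012:table/example-filenames"
STREAM_ARN = TABLE_ARN + "/stream/2021-12-29T00:00:00.000"

TABLE_ACTIONS = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:Query"]
# The five actions named in the error message.
STREAM_ACTIONS = ["dynamodb:GetRecords", "dynamodb:GetShardIterator",
                  "dynamodb:DescribeStream", "dynamodb:ListShards", "dynamodb:ListStreams"]

def wildcard_match(pattern, value, ignore_case=False):
    """IAM-style wildcards: '*' matches any run of characters, '?' exactly one."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def as_list(value):
    return value if isinstance(value, list) else [value]

def is_allowed(policy, action, arn):
    """True if some Allow statement covers (action, arn).
    Simplified: ignores Deny, NotAction, NotResource and Condition."""
    for stmt in as_list(policy["Statement"]):
        if (stmt.get("Effect") == "Allow"
                and any(wildcard_match(a, action, True) for a in as_list(stmt.get("Action", [])))
                and any(wildcard_match(r, arn) for r in as_list(stmt.get("Resource", [])))):
            return True
    return False

def missing_grants(policy):
    """Return (action, arn) pairs the Lambda role needs but the policy does not allow."""
    needs = [(a, TABLE_ARN) for a in TABLE_ACTIONS] + [(a, STREAM_ARN) for a in STREAM_ACTIONS]
    return [(a, arn) for a, arn in needs if not is_allowed(policy, a, arn)]

def policy_for(resources):
    """Same action list as the question, with the given Resource value."""
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": TABLE_ACTIONS + STREAM_ACTIONS, "Resource": resources}]}

as_posted = policy_for(TABLE_ARN)                        # table ARN only, as in the question
stream_only = policy_for(TABLE_ARN + "/stream/*")        # first form in the answer
both = policy_for([TABLE_ARN, TABLE_ARN + "/stream/*"])  # table and its streams

if __name__ == "__main__":
    for name, pol in [("as_posted", as_posted), ("stream_only", stream_only), ("both", both)]:
        print(name, [a for a, _ in missing_grants(pol)])
```

A `Resource` pattern ending in `/stream/*` or `/*` does not match the bare table ARN, so a single statement that also carries the table actions needs both the table ARN and the stream pattern in its `Resource` list.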
