User is not authorized to perform: dynamodb:PutItem on resource


Solution 1

A DynamoDB access denied error is generally a policy issue. Check the IAM/role policies that you are using. A quick check is to add the AmazonDynamoDBFullAccess policy to your role by going to the "Permissions" tab in the AWS console. If it works after that, then it means you need to create the right access policy and attach it to your role.

Solution 2

Check the access key you are using to connect to DynamoDB in your Node app on AWS. This access key will belong to a user that does not have the necessary privileges in IAM. So, find the IAM user, create or update an appropriate policy and you should be good.

For Beanstalk you need to set up user policies when you publish. Check out the official docs here.

And check out the example from here too, courtesy of @Tirath Shah.

Solution 3

Granting full DynamoDB access using the AWS managed policy AmazonDynamoDBFullAccess is not recommended and is not a best practice. Try adding your table ARN in the Resource key of the policy in your role policy JSON.

"Resource": "arn:aws:dynamodb:<region>:<account_id>:table/dynamodb_table_name"
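The table-scoped policy from Solution 3, checked in code. This is an added example, not code from the original answers: it lints a role policy for over-broad DynamoDB grants and for table ARNs that can never match, and shows why a mistyped ARN still ends in the "not authorized to perform: dynamodb:PutItem" error. The account id, region, table name and all function names are assumptions made for illustration.

```javascript
// Added example, not code from the original answers. Account id, region and
// table name are constructed placeholders.
const TABLE_ARN = /^arn:aws(-[a-z-]+)?:dynamodb:[a-z0-9-]+:\d{12}:table\/[A-Za-z0-9_.-]{3,255}(\/(index|stream)\/.+)?$/;
const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);

// IAM-style glob: "*" matches any run of characters, "?" exactly one.
function globMatch(pattern, value, ignoreCase) {
  const body = pattern.replace(/[.+^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*").replace(/\?/g, ".");
  return new RegExp("^" + body + "$", ignoreCase ? "i" : "").test(value);
}

// Simplified check: does some Allow statement cover this action on this ARN?
// Ignores Deny, NotAction, NotResource and Condition, which real IAM evaluates.
function allows(policy, action, arn) {
  return asArray(policy.Statement).some(
    (st) =>
      st.Effect === "Allow" &&
      asArray(st.Action).some((a) => globMatch(a, action, true)) &&
      asArray(st.Resource).some((r) => globMatch(r, arn, false))
  );
}

// Flag over-broad grants and table ARNs that can never match a real table.
function lint(policy) {
  const findings = [];
  asArray(policy.Statement).forEach((st, i) => {
    if (st.Effect !== "Allow") return; // only Allow statements grant access
    const ddb = asArray(st.Action).filter((a) => /^(dynamodb:|\*)/i.test(a));
    if (ddb.length === 0) return; // statement does not touch DynamoDB
    for (const a of ddb) {
      if (a.includes("*")) findings.push(`Statement[${i}]: wildcard action ${a}`);
    }
    for (const r of asArray(st.Resource)) {
      if (r.includes("*")) findings.push(`Statement[${i}]: wildcard resource ${r}`);
      else if (!TABLE_ARN.test(r)) findings.push(`Statement[${i}]: malformed table ARN ${r}`);
    }
  });
  return findings;
}

const ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/Orders"; // constructed
const policyFor = (Action, Resource) => ({ Version: "2012-10-17", Statement: [{ Effect: "Allow", Action, Resource }] });
const scoped = policyFor("dynamodb:PutItem", ARN); // least privilege
const typo = policyFor("dynamodb:PutItem", ARN.replace("table/", "table:/")); // bad separator
const broad = policyFor("dynamodb:*", "*"); // what AmazonDynamoDBFullAccess-style grants look like

for (const [name, p] of Object.entries({ scoped, typo, broad })) {
  console.log(name, "PutItem allowed:", allows(p, "dynamodb:PutItem", ARN), "findings:", lint(p));
}
```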
Author by

Tirath Shah

Updated on July 09, 2022

Comments

  • Tirath Shah
    Tirath Shah almost 2 years

    I am trying to access DynamoDB from my Node app deployed on AWS ElasticBeanStalk. I am getting an error

    User is not authorized to perform: dynamodb:PutItem on resource
    

    It works perfectly fine locally, but when I deploy to the AWS it stops performing.

  • Tirath Shah
    Tirath Shah over 8 years
    The same access key works perfectly locally. I also created a similar user as local with similar privileges and even that did not work
  • smcstewart
    smcstewart over 8 years
    Are you using dynamodb-local for local development? Have you hard-coded the keys into the app? Or do you get them from the environment? If they are not hard-coded, try them out explicitly hard-coded. See if you can verify that the key and secret are exactly as you expect. Do other ops work, such as GetItem etc?
  • Tirath Shah
    Tirath Shah over 8 years
    Currently it's hard-coded in the ~/.aws/credentials file.. I haven't tried getItem from the app.. But I tried it on the command line from the same machine and I was able to get all the items from the DB
  • smcstewart
    smcstewart over 8 years
    Hard code it into your app and give it a bash. I have a gut feeling that the credentials aren't making it into your node app.
  • Tirath Shah
    Tirath Shah over 8 years
    I do know that these credentials usually get pulled from ~/.aws/credentials.. I am not sure where to hard code that the app can pull the credentials
  • smcstewart
    smcstewart over 8 years
    And which user are you running your node app under in Beanstalk? You will have set a role when you published to Beanstalk. This role needs to have the policy privileges for PutItem etc.
  • smcstewart
    smcstewart over 8 years
    Have updated the answer with link to docs re: setting up permissions in Beanstalk.
  • Tirath Shah
    Tirath Shah over 8 years
    Thanks! I have been playing around with the policy, but I'm not very sure how to attach the policy
  • Tirath Shah
    Tirath Shah over 8 years
    Ugh it finally worked!! This link helped docs.aws.amazon.com/elasticbeanstalk/latest/dg/…
  • smcstewart
    smcstewart over 8 years
    You are welcome Tirath. I've updated my answer to include your example too so anyone with similar issues can get the answer quickly.
  • Tirath Shah
    Tirath Shah about 8 years
    Hey, how you doing? By any chance, would you be able to answer this? stackoverflow.com/questions/35811483/…
  • smcstewart
    smcstewart about 8 years
    Sorry Tirath, I've just got back from holidays. Did you get it resolved?
  • Tirath Shah
    Tirath Shah about 8 years
    Yes, I figured it out. Thanks!
  • Dan Salo
    Dan Salo over 6 years
    Although AmazonDynamoDBFullAccess should work, it is better practice to grant permissions only for the functions that you expect to call, which in this case is dynamodb:PutItem. This can help avoid unintended calls and consequences. Here is the full list of possible permissions.
  • Thom
    Thom over 6 years
    @DanSalo Reading the poster's comment, I think he was saying to add FullAccess to see if that solved the problem. If it did, you then know it's a permissions problem and can then tune your permissions appropriately.
  • JJ Roman
    JJ Roman about 6 years
    In my case the needed role was AWSLambdaInvocation-DynamoDB