如何解决在DynamoDB中将Index arn添加到sam yml文件
我正在尝试通过对表具有全部访问权限的用户访问我的DynamoDB。
但是,我无法在LSI中查询同一张表。它说用户没有查询索引的权限。
我检查了文档,发现索引需要像arn:aws:dynamodb:region:account-id:table / table-name / index / index-name一样单独定义
但是我不确定如何在cloudformation yml文件中定义它。
BooksTable:
Type: AWS::DynamoDB::Table
DeletionPolicy: Retain
Properties:
TableName:
Fn::Sub: ${SamStackPrefix}${Stage}-BooksTable
BillingMode: PAY_PER_REQUEST
KeySchema:
- AttributeName: hashKey
KeyType: HASH
- AttributeName: rangeKey
KeyType: RANGE
LocalSecondaryIndexes:
- IndexName: LSI1
KeySchema:
- AttributeName: hashKey
KeyType: HASH
- AttributeName: clientToken
KeyType: RANGE
Projection:
ProjectionType: ALL
AttributeDefinitions:
- AttributeName: hashKey
AttributeType: S
- AttributeName: rangeKey
AttributeType: S
- AttributeName: clientToken
AttributeType: S
StreamSpecification:
StreamViewType: NEW_AND_OLD_IMAGES
TimeToLiveSpecification:
AttributeName: expirationTime
Enabled: true
Outputs:
BooksTableName:
Description: books table.
Value:
!Ref BooksTable
Export:
Name:
Fn::Sub: ${SamStackPrefix}${Stage}-BooksTableName
BooksTableArn:
Description: Arn for books DynamoDB Table
Value:
Fn::GetAtt: [ BooksTable,Arn ]
Export:
Name:
Fn::Sub: ${SamStackPrefix}${Stage}-BooksTableArn
BooksTableStreamArn:
Description: The DDB stream for the books table.
Value:
Fn::GetAtt: [BooksTable,StreamArn]
Export:
Name:
Fn::Sub: ${SamStackPrefix}${Stage}-BooksStreamArn
IAM政策
Policies:
- PolicyDocument:
Statement:
- Action: ['dynamodb:PutItem','dynamodb:ConditionCheckItem','dynamodb:Query','dynamodb:GetItem','dynamodb:UpdateItem']
Effect: Allow
Resource:
- Fn::GetAtt: [BooksTable,Arn]
如何将LSI添加到资源列表中,以便我可以使用该ARN在策略文档中添加权限。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。