Debug permission issues and allow a lambda function to access data from a DynamoDB table

Share this video with your friends

At the end of the last lesson we've managed to create a Lambda function which we want to use to get data from DynamoDB table using the scan operation.

Unfortunately, after calling the lambda function we get a following response:

"message": "User: arn:aws:sts::696785635119:assumed-role/TodoAppStack-TodoDatabaseTodoHandlerServiceRole991-152UNT6KUIOG2/TodoAppStack-TodoDatabaseTodoHandlerDD6198FE-CPTO6AAJJU5W is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:eu-central-1:696785635119:table/TodoAppStack-TodoDatabaseTodoTable29EA4913-E6Z09XSAAHF8",

In this quick lesson we're going to learn two things:

how to debug permission issues in AWS using CloudWatch
how to allow a lambda function to access data from a DynamoDB table with grantReadWriteData function (in a single line of code!)

Jonas Thiesen

~ 3 years ago

If the "todosTable.grantReadWriteData(this.handler)" gives you an error saying that "Function is incompatible with IGrantable", or something like that. Make sure your @aws-cdk dependencies are the same version! :)