I’m having this AccessDenied issue related to trying to test the API.
I have followed all of the steps to debug this, and as far as I can tell there are no issues with my YAML file. I have followed all the other steps of the tutorial with no other issues.
Here is the YAML file I have now:
```yaml
# NOTE: update this with your service name
service: notes-app-api

# Use the serverless-webpack plugin to transpile ES6
plugins:
  - serverless-webpack
  - serverless-offline

# serverless-webpack configuration
# Enable auto-packing of external modules
custom:
  webpack:
    webpackConfig: ./webpack.config.js
    includeModules: true

provider:
  name: aws
  runtime: nodejs8.10
  stage: dev
  region: us-east-1

  # To load environment variables externally
  # rename env.example to env.yml and uncomment
  # the following line. Also, make sure to not
  # commit your env.yml.
  #
  #environment: ${file(env.yml):${self:provider.stage}}

functions:
  # Defines an HTTP API endpoint that calls the main function in create.js
  # - path: url path is /notes
  # - method: POST request
  # - cors: enabled CORS (Cross-Origin Resource Sharing) for browser cross
  #     domain api call
  # - authorizer: authenticate using the AWS IAM role
  create:
    handler: create.main
    events:
      - http:
          path: notes
          method: post
          cors: true
          authorizer: aws_iam

  get:
    # Defines an HTTP API endpoint that calls the main function in get.js
    # - path: url path is /notes/{id}
    # - method: GET request
    handler: get.main
    events:
      - http:
          path: notes/{id}
          method: get
          cors: true
          authorizer: aws_iam

  list:
    # Defines an HTTP API endpoint that calls the main function in list.js
    # - path: url path is /notes
    # - method: GET request
    handler: list.main
    events:
      - http:
          path: notes
          method: get
          cors: true
          authorizer: aws_iam

  update:
    # Defines an HTTP API endpoint that calls the main function in update.js
    # - path: url path is /notes/{id}
    # - method: PUT request
    handler: update.main
    events:
      - http:
          path: notes/{id}
          method: put
          cors: true
          authorizer: aws_iam

  delete:
    # Defines an HTTP API endpoint that calls the main function in delete.js
    # - path: url path is /notes/{id}
    # - method: DELETE request
    handler: delete.main
    events:
      - http:
          path: notes/{id}
          method: delete
          cors: true
          authorizer: aws_iam
```
I have deployed the API endpoints with the command `serverless deploy --aws-profile ***`.
I see the files in Lambda as well as the endpoints in API Gateway.
In CloudWatch I see this log…
```
{ AccessDeniedException: User: arn:aws:sts::805584004321:assumed-role/notes-app-api-dev-us-east-1-lambdaRole/notes-app-api-dev-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-1:805584004321:table/notes
    at Request.extractError (/var/runtime/node_modules/aws-sdk/lib/protocol/json.js:48:27)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:105:20)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:77:10)
    at Request.emit (/var/runtime/node_modules/aws-sdk/lib/request.js:683:14)
    at Request.transition (/var/runtime/node_modules/aws-sdk/lib/request.js:22:10)
    at AcceptorStateMachine.runTo (/var/runtime/node_modules/aws-sdk/lib/state_machine.js:14:12)
    at /var/runtime/node_modules/aws-sdk/lib/state_machine.js:26:10
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:38:9)
    at Request.<anonymous> (/var/runtime/node_modules/aws-sdk/lib/request.js:685:12)
    at Request.callListeners (/var/runtime/node_modules/aws-sdk/lib/sequential_executor.js:115:18)
  message: 'User: arn:aws:sts::805584004321:assumed-role/notes-app-api-dev-us-east-1-lambdaRole/notes-app-api-dev-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-east-1:805584004321:table/notes',
  code: 'AccessDeniedException',
  time: 2018-05-29T14:41:59.192Z,
  requestId: '7BNH5VUR6OQRT4QBOAN5MK6EVJVV4KQNSO5AEMVJF66Q9ASUAAJG',
  statusCode: 400,
  retryable: false,
  retryDelay: 38.72307729695298 }
```
The YAML file I see being referenced does not look like the one that was generated when I started the tutorial (only a couple days ago). It has a bunch of other stuff, so I’m a bit confused about that too.
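
Added example, not part of the original post: the CloudWatch entry above names the assumed role, the denied action and the target resource, which is everything needed to write a narrowly scoped grant instead of a wildcard. This sketch parses that message and builds the matching statement for `provider.iamRoleStatements` in `serverless.yml`; `parseAccessDenied` and `toIamStatement` are hypothetical helper names, not AWS SDK or Serverless Framework functions.

```javascript
// Message text copied from the CloudWatch log in the post above.
const sampleMessage =
  "User: arn:aws:sts::805584004321:assumed-role/" +
  "notes-app-api-dev-us-east-1-lambdaRole/notes-app-api-dev-create " +
  "is not authorized to perform: dynamodb:PutItem on resource: " +
  "arn:aws:dynamodb:us-east-1:805584004321:table/notes";

// Unanchored so it also matches a raw log line such as "message: 'User: ...',"
const DENIED_RE =
  /User: (\S+) is not authorized to perform: ([\w-]+:[\w*]+) on resource: ([^\s',]+)/;

// assumed-role principal: arn:aws:sts::<account>:assumed-role/<role>/<session>
const ASSUMED_ROLE_RE = /^arn:aws:sts::(\d{12}):assumed-role\/([^/]+)\/(.+)$/;

// Hypothetical helper: split the denial into principal, action and resource.
function parseAccessDenied(message) {
  const m = DENIED_RE.exec(message);
  if (!m) return null; // not an IAM authorization failure in this format
  const [, principal, action, resource] = m;
  const role = ASSUMED_ROLE_RE.exec(principal);
  return {
    principal,
    action,
    resource,
    account: role ? role[1] : null,
    roleName: role ? role[2] : null,    // the role that needs the permission
    sessionName: role ? role[3] : null, // for Lambda, the function name
  };
}

// Hypothetical helper: one least-privilege statement, scoped to the exact
// action and resource ARN that were denied (no "dynamodb:*", no "*").
function toIamStatement(denied) {
  return { Effect: "Allow", Action: [denied.action], Resource: denied.resource };
}

const denied = parseAccessDenied(sampleMessage);
console.log(`Role missing the permission: ${denied.roleName}`);
console.log(JSON.stringify(toIamStatement(denied), null, 2));
```

The printed statement covers only `create`; the `get`, `list`, `update` and `delete` handlers would each surface their own denied action in the same log format.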