Hi,
I’ve gotten to this step and I’m trying to figure out where my IAM has gone south.
To recap:
- I can locally execute all the API calls with no problems
- They deploy fine to /dev
But when I run npx I get:
Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 500,
statusText: 'Internal Server Error',
data: { status: false } }
- I verified that the account created in the User Pool has access
- In Cloudwatch logs I see
AccessDeniedException: User: arn:aws:sts::[trimmed user id]:assumed-role/notes-app-api-dev-us-west-2-lambdaRole/notes-app-api-dev-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:[trimmed user id]:table/notes
I have a hunch it is a role issue but I believe the authenticated role noted in the Federated Identity Pool has the correct permissions per the article.
Am I missing something obvious?
Thanks
Chris