Deploy the APIs - Access Denied Error

chrisbnyc · May 26, 2018, 12:55am

Hi,

I’ve gotten to this step and I’m trying to figure out where my IAM has gone south.

To recap:

I can locally execute all the API calls with no problems
They deploy fine to /dev

But when I run npx I get:

Authenticating with User Pool
Getting temporary credentials
Making API request
{ status: 500,
  statusText: 'Internal Server Error',
  data: { status: false } }

I verified that the account created in the User Pool has access
In Cloudwatch logs I see

AccessDeniedException: User: arn:aws:sts::[trimmed user id]:assumed-role/notes-app-api-dev-us-west-2-lambdaRole/notes-app-api-dev-create is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:us-west-2:[trimmed user id]:table/notes

I have a hunch it is a role issue but I believe the authenticated role noted in the Federated Identity Pool has the correct permissions per the article.

Am I missing something obvious?

Thanks
Chris

chrisbnyc · May 26, 2018, 10:55pm

Self - solved… the serverless.yml was malformed (the iamRoleStatements block was not indented enough and was ignored by the deploy statement)… wish it complained about that!

jayair · May 27, 2018, 10:10pm

Yeah sadly it doesn’t do that. We try to add little pointers in the various spots in the tutorial to help people catch it but it can be tricky.

chrisbnyc · May 27, 2018, 11:24pm

Thanks for the reply, yeah, I felt silly when I finally figured it out!

Topic		Replies	Views
iamRoleStatements still give 502 error after properly indented	2	799	July 24, 2019
Error: is not authorized to perform: dynamodb:Query :(	4	4536	August 24, 2020
403 error again, Sorry!	1	290	November 17, 2020
Worked then didn't work - create note Chapter Comments	2	564	March 24, 2019
Error 403 - Create a Note	4	920	January 14, 2020

Deploy the APIs - Access Denied Error

Related Topics