From @ohenneken on Thu Dec 28 2017 00:02:55 GMT+0000 (UTC)
Hi Jay,
Well one error, for a create_favorite call gives this errors back on the
client:
app.js:118495 Uncaught (in promise) TypeError: Failed to execute ‘fetch’ on
‘Window’: Request with GET/HEAD method cannot have body.
at _callee3$ (
http://localhost:8080/app.js?40601732f7eafe02cf81:118495:20)
at tryCatch (http://localhost:8080/app.js?40601732f7eafe02cf81:98834:40)
at Generator.invoke [as _invoke] (
http://localhost:8080/app.js?40601732f7eafe02cf81:99068:22)
at Generator.prototype.(anonymous function) [as next] (
http://localhost:8080/app.js?40601732f7eafe02cf81:98886:21)
at step (http://localhost:8080/app.js?40601732f7eafe02cf81:23870:30)
at http://localhost:8080/app.js?40601732f7eafe02cf81:23881:13
at
app.js:115097 Error: User:
arn:aws:sts::891130555436:assumed-role/Cognito_bwisenotesappAuth_Role/CognitoIdentityCredentials
is not authorized to perform: dynamodb:PutItem on resource:
arn:aws:dynamodb:us-east-2:891130555436:table/create_favorite
at Request.extractError (app.js:14915)
at Request.callListeners (app.js:17842)
at Request.emit (app.js:17814)
at Request.emit (app.js:16471)
at Request.transition (app.js:15810)
at AcceptorStateMachine.runTo (app.js:21186)
at app.js:21198
at Request. (app.js:15826)
at Request. (app.js:16473)
at Request.callListeners (app.js:17852)
I suppose there is something not ok with the IAM roles & policies?
For example: the role for the error above was set like so:
{
“Version”: “2012-10-17”,
“Statement”: [
{
“Effect”: “Allow”,
“Action”: [
“mobileanalytics:PutEvents”,
“cognito-sync:",
"cognito-identity:”
],
“Resource”: [
“"
]
},
{
“Effect”: “Allow”,
“Action”: [
"s3:”
],
“Resource”: [
“arn:aws:s3:::bwise-notes/${cognito-identity.amazonaws.com:
sub}"
]
},
{
“Effect”: “Allow”,
“Action”: [
“execute-api:Invoke”
],
“Resource”: [
"arn:aws:execute-api:us-east-1::61u3er5pth/"
]
},
{
“Action”: [
“dynamodb:DescribeTable”,
“dynamodb:Query”,
“dynamodb:Scan”,
“dynamodb:GetItem”,
“dynamodb:PutItem”,
“dynamodb:UpdateItem”,
“dynamodb:DeleteItem”
],
“Resource”:
["arn:aws:dynamodb:us-east-1::","arn:aws:dynamodb:us-east-1:”],
“Effect”: “Allow”
},
{
“Effect”: “Allow”,
“Action”: [
“dynamodb:DescribeTable”,
“dynamodb:Query”,
“dynamodb:Scan”,
“dynamodb:GetItem”,
“dynamodb:PutItem”,
“dynamodb:UpdateItem”,
“dynamodb:DeleteItem”
],
“Resource”: [
“arn:aws:dynamodb:us-east-2:891130555436:table/regulators”,
“arn:aws:dynamodb:us-east-2:891130555436:table/regulation_changes”,
“arn:aws:dynamodb:us-east-2:891130555436:table/policy_statements”,
“arn:aws:dynamodb:us-east-2:891130555436:table/policies”,
“arn:aws:dynamodb:us-east-2:891130555436:table/favorites”,
“arn:aws:dynamodb:us-east-2:891130555436:.”
],
“Condition”: {
“ForAllValues:StringEquals”: {
“dynamodb:LeadingKeys”: [
“${www.amazon.com:user_id}”
]
}
}
}
]
}
I tried to set these very liberal though, but the AWS documentation is
overwhelming at that point i think and not clear enough.
Met vriendelijke groet,
Oscar Henneken