
Not authorized to perform: dynamodb:Scan Lambda


I need to scan a DynamoDB database but I keep getting this error:

"errorMessage": "An error occurred (AccessDeniedException) when calling the Scan operation: User: arn:aws:sts::747857903140:assumed-role/test_role/TestFunction is not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:747857903140:table/HelpBot"

This is my Lambda code (index.py):

import json
import boto3

client = boto3.resource('dynamodb')
table = client.Table('HelpBot')

def handler(event, context):
    table.scan()
    return {
        "statusCode": 200,
        "body": json.dumps('Hello from Lambda!')
    }

This is my SAM template (template.yml):

AWSTemplateFormatVersion: '2010-09-09'
Transform: 'AWS::Serverless-2016-10-31'
Resources:
  MyFunction:
    Type: 'AWS::Serverless::Function'
    Properties:
      Handler: index.handler
      Runtime: python3.6
      Policies:
        Version: '2012-10-17'
        Statement:
        - Effect: Allow
          Action:
          - dynamodb:Scan
          Resource: arn:aws:dynamodb:us-east-1:747857903140:table/HelpBot

Solution

  • Does your Lambda role have the DynamoDB policies applied?

    Go to:

    1. IAM, then go to Policies
    2. Choose the DynamoDB policy (try full access and then go back and restrict your permissions)
    3. From Policy Actions, select Attach, then attach it to the role that is used by your Lambda
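
An added example, not part of the original question or answer: before widening permissions, this offline check parses the AccessDeniedException message to see which role made the call, then tests whether the template's own statement would already allow it. The function names are hypothetical and the evaluation is a simplified model of one identity policy (it assumes no Condition, NotAction or NotResource).

```python
import re

# Constructed from the error message and the template.yml statement on this page.
ERROR = ("An error occurred (AccessDeniedException) when calling the Scan operation: "
         "User: arn:aws:sts::747857903140:assumed-role/test_role/TestFunction is not "
         "authorized to perform: dynamodb:Scan on resource: "
         "arn:aws:dynamodb:us-east-1:747857903140:table/HelpBot")
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["dynamodb:Scan"],
    "Resource": "arn:aws:dynamodb:us-east-1:747857903140:table/HelpBot"}]}

DENIED = re.compile(
    r"assumed-role/(?P<role>[^/]+)/(?P<session>\S+) is not authorized to perform: "
    r"(?P<action>\S+) on resource: (?P<resource>\S+)")

def parse_denial(message):
    """Extract role, session, action and resource from the denial message."""
    m = DENIED.search(message)
    return m.groupdict() if m else None

def _wild(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' any single one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def _listify(v):
    return v if isinstance(v, list) else [v]

def policy_allows(policy, action, resource):
    """Simplified check of one identity policy: explicit Deny wins, else any Allow.
    Assumption: Condition, NotAction and NotResource are not handled."""
    allowed = False
    for st in _listify(policy["Statement"]):
        hit = (any(_wild(a, action, re.IGNORECASE) for a in _listify(st["Action"]))
               and any(_wild(r, resource) for r in _listify(st["Resource"])))
        if hit and st["Effect"] == "Deny":
            return False
        allowed = allowed or (hit and st["Effect"] == "Allow")
    return allowed

def diagnose(message, policy):
    """Return the parsed denial plus whether `policy` would allow the denied call."""
    d = parse_denial(message)
    if d is not None:
        d["policy_allows"] = policy_allows(policy, d["action"], d["resource"])
    return d

if __name__ == "__main__":
    print(diagnose(ERROR, POLICY))
```

If `policy_allows` is true while the call is still denied, the statement is not in effect for the role named in the error (here `test_role`), so one thing to check is whether that role is the one the template's function actually deploys with.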