aws-lambda amazon-iam amazon-dynamodb-dax

Getting permissions exception when calling amazondax service


I'm using the amazondax service from an AWS Lambda method, and getting an exception that indicates missing permissions - but I don't know what permissions are necessary for this. Both the Lambda method and my DAX cluster are set up with the same VPC subnets and security groups. I'm getting the following exception:

[ERROR] 2018-12-11T23:06:50.457Z    70c80374-fd99-11e8-bac1-318371e7b8ed    Failed to retrieve endpoints
Traceback (most recent call last):
  File "/var/task/amazondax/Cluster.py", line 211, in _pull
    new_endpoints = self._pull_from(ip, port)
  File "/var/task/amazondax/Cluster.py", line 222, in _pull_from
    endpoints = client.endpoints()
  File "/var/task/amazondax/DaxClient.py", line 192, in endpoints
    return self._decode_result('endpoints', None, Assemblers.endpoints_455855874_1, tube)
  File "/var/task/amazondax/DaxClient.py", line 227, in _decode_result
    return self._handle_error(operation_name, tube)
  File "/var/task/amazondax/DaxClient.py", line 233, in _handle_error
    raise DaxServiceError(operation_name, message, codes, *exc_info)
amazondax.DaxError.DaxServiceError: An error occurred (Unknown) when calling the endpoints operation: Client does not have permission to invoke Endpoints

I assume the last line "Client does not have permission..." is the key to this, but I'm having trouble figuring out exactly what permission(s) are required.

Here is the code that is breaking:

dax = amazondax.AmazonDaxClient(session, region_name='us-east-1', endpoint_url='mydaxcluster.blahblahblah.cache.amazonaws.com:8111')

Solution

  • You will need to add "dax:" permissions for the operations you need to the policy associated with the IAM user used in the session.
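
One way to find which "dax:" permissions are missing before deploying, as an added example that is not part of the original answer: the function below checks an identity policy document against the DAX operations the code calls. The account id, cluster ARN and sample policy are constructed placeholders; the action name `dax:Endpoints` is assumed from the operation named in the error; and the check covers only `Action`/`Resource` statements (no `NotAction`, `Condition`, permission boundaries or SCPs).

```python
import fnmatch

# Constructed sample: a policy attached to the identity the session uses.
# The account id and cluster name are placeholders, not values from the question.
CLUSTER_ARN = "arn:aws:dax:us-east-1:123456789012:cache/mydaxcluster"
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["dax:GetItem", "dax:Query", "dax:BatchGetItem"],
         "Resource": CLUSTER_ARN},
        {"Effect": "Deny", "Action": "dax:Scan", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM allows a single string or object where a list is also valid."""
    return value if isinstance(value, list) else [value]


def _matches(stmt, action, resource):
    """True if the statement's Action and Resource patterns both match."""
    # Action names are case-insensitive in IAM; ARNs are matched as written.
    action_ok = any(fnmatch.fnmatchcase(action.lower(), pattern.lower())
                    for pattern in _as_list(stmt.get("Action", [])))
    resource_ok = any(fnmatch.fnmatchcase(resource, pattern)
                      for pattern in _as_list(stmt.get("Resource", [])))
    return action_ok and resource_ok


def missing_dax_actions(policy, needed, resource):
    """Return the needed actions that the policy does not effectively allow.

    An action is usable only if some Allow statement matches it and no
    Deny statement does (an explicit Deny always wins).
    """
    missing = []
    for action in needed:
        hits = [s for s in _as_list(policy["Statement"])
                if _matches(s, action, resource)]
        allowed = any(s["Effect"] == "Allow" for s in hits)
        denied = any(s["Effect"] == "Deny" for s in hits)
        if denied or not allowed:
            missing.append(action)
    return missing


if __name__ == "__main__":
    needed = ["dax:Endpoints", "dax:GetItem", "dax:Query", "dax:Scan"]
    print(missing_dax_actions(SAMPLE_POLICY, needed, CLUSTER_ARN))
```

Scoping the `Resource` to the cluster ARN and listing only the operations the function calls keeps the grant narrower than `dax:*` on `*`.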