
User is not authorized to perform: dynamodb:GetItem


I've created my API in Vercel, which uses AWS Lambda. In my function, I've used a call to DynamoDB in my AWS account.

But I keep getting AccessDeniedException.
But when I run it locally, there is no issue.

AccessDeniedException: User: arn:aws:sts::764717618004:assumed-role/cloudwatch_logs_events_putter/L0ZFqQmkoVXQ44u8QwB1yH0f-805fd9d54732e5470e54bf12bd9a25672e379b5 
is not authorized to perform: dynamodb:GetItem on resource: arn:aws:dynamodb:ap-south-1:764717618004:table/users

This addresses the issue when both Lambda and DynamoDB are in the same user account.


Solution

  • Well, guess what: after hours of combing through the AWS documentation I got to the root of the issue. The user: arn:aws:sts::764717618004:assumed-role/ and arn:aws:dynamodb:ap-south-1:764717618004:table/users are the same, which was odd once I thought about it.

    Because the AWS ID of DynamoDB should've been mine, but it's evidently not. So I tried logging the accessKeyId, and to my surprise it was not what I set in the environment.
    Then I just checked what's in vercel env ls. There was nothing wrong at first sight, but then I noticed a little typo in the DYNAMODB_ACCESS_KYE_ID.

    YES, IT WAS JUST A TYPO. Successfully wasted 6+ hours on a typo in an environment variable.
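
Added example, not part of the original answer: a cold-start check that refuses to run when a credential variable is unset and names any look-alike variable, so a misspelled name surfaces immediately instead of as an AccessDeniedException for an identity you did not configure. The names DYNAMODB_ACCESS_KEY_ID (assumed to be the intended spelling) and DYNAMODB_SECRET_ACCESS_KEY are assumptions, and the helper functions are hypothetical.

```javascript
// Added example. Required names are assumptions; only variable NAMES are reported, never values.
const REQUIRED = ["DYNAMODB_ACCESS_KEY_ID", "DYNAMODB_SECRET_ACCESS_KEY"];

// Levenshtein edit distance, single-row dynamic programming.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let prev = row[0]; // d[i-1][j-1]
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = row[j]; // d[i-1][j]
      row[j] = Math.min(
        row[j] + 1, // deletion
        row[j - 1] + 1, // insertion
        prev + (a[i - 1] === b[j - 1] ? 0 : 1) // substitution
      );
      prev = tmp;
    }
  }
  return row[b.length];
}

// One finding per required name that is unset or empty, listing env names
// within maxDistance edits as suspected typos.
function checkCredentialEnv(env, required = REQUIRED, maxDistance = 2) {
  const findings = [];
  for (const name of required) {
    if (env[name]) continue;
    const lookalikes = Object.keys(env).filter(
      (k) => k !== name && editDistance(k, name) <= maxDistance
    );
    findings.push({ missing: name, lookalikes });
  }
  return findings;
}

// Call once at module load, before constructing the DynamoDB client.
function assertCredentialEnv(env = process.env) {
  const findings = checkCredentialEnv(env);
  if (findings.length === 0) return;
  const lines = findings.map((f) =>
    f.lookalikes.length
      ? `${f.missing} is not set; found similar name(s): ${f.lookalikes.join(", ")}`
      : `${f.missing} is not set`
  );
  throw new Error("Credential configuration error:\n" + lines.join("\n"));
}
```

A swapped pair of letters such as KYE for KEY counts as two edits, which is why the default threshold is 2.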