I have a lambda that calls putItem to insert a record into a DynamoDB database table.
I get the following access error when executing it:
AccessDeniedException: User: **** is not authorized to perform: dynamodb:PutItem on resource: arn:aws:dynamodb:***:table/*** because no identity-based policy allows the dynamodb:PutItem action
I need to assign a policy to my lambda, one that can perform exactly the putItem operation in DynamoDB. I do not know how to do it.
This is my lambda code:
```typescript
// Imports added for completeness (CDK v2 module paths assumed; the original snippet omitted them)
import * as path from 'path';
import * as cdk from 'aws-cdk-lib';
import { Construct } from 'constructs';
import * as lambda from 'aws-cdk-lib/aws-lambda';
import { IotToLambda, IotToLambdaProps } from '@aws-solutions-constructs/aws-iot-lambda';

export class NewPlatformIoTCoreStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: cdk.StackProps) {
    super(scope, id, props);

    // IoT Core rule that forwards the devices' MQTT messages to the Lambda
    const constructProps: IotToLambdaProps = {
      lambdaFunctionProps: {
        code: lambda.Code.fromAsset(path.join(__dirname, '../lambdasCode/mqttBroker/')),
        runtime: lambda.Runtime.NODEJS_16_X,
        handler: 'index.handler'
      },
      iotTopicRuleProps: {
        topicRulePayload: {
          ruleDisabled: false,
          description: "Processing of MQTT messages from AWS IoT Stack",
          sql: "SELECT *, topic(4) as device_id FROM 'v1/data/1'",
          actions: []
        }
      }
    };
    new IotToLambda(this, 'iot-lambda-integration', constructProps);
  }
}
```
In the AWS lambda dashboard, go to the "Settings" tab and find the "Permissions" section there. There you can see the role associated with the Lambda. This role is the one in charge of assigning execution permissions.
You will see that the role's name is in blue: it is a link. If you click it, the page for that role loads, and there you can configure it to give or remove permissions.
Since permissions go by role and not by lambda, if this role is shared by other resources, they will all have access to the same resources.
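As an added example (not code from the question or the answer), this builds the least-privilege identity-based policy the error message asks for, granting only `dynamodb:PutItem` on one table, and evaluates it the way IAM does: no matching Allow means implicit deny (the question's error), and an explicit Deny always wins. The table ARN is a constructed placeholder.

```typescript
// Added example: minimal PutItem policy plus an IAM-style evaluator.
// Table ARN is a constructed placeholder, not a real account or table.
type Effect = "Allow" | "Deny";
interface Statement { Effect: Effect; Action: string[]; Resource: string[] }
interface PolicyDocument { Version: "2012-10-17"; Statement: Statement[] }

const EXAMPLE_TABLE_ARN = "arn:aws:dynamodb:eu-west-1:111122223333:table/Devices";

// Identity-based policy granting exactly dynamodb:PutItem on one table, nothing else.
function putItemPolicy(tableArn: string): PolicyDocument {
  return {
    Version: "2012-10-17",
    Statement: [{ Effect: "Allow", Action: ["dynamodb:PutItem"], Resource: [tableArn] }],
  };
}

// IAM-style pattern match: "*" matches any run of characters, "?" one character.
// Action names compare case-insensitively; resource ARNs are case-sensitive.
function matches(pattern: string, value: string, ignoreCase: boolean): boolean {
  const escaped = pattern
    .replace(/[.+^${}()|[\]\\]/g, "\\$&")
    .replace(/\*/g, ".*")
    .replace(/\?/g, ".");
  return new RegExp(`^${escaped}$`, ignoreCase ? "i" : "").test(value);
}

// Evaluate a request against all attached identity-based policies.
// Returns false when nothing allows it (the "no identity-based policy allows" case)
// or when any statement explicitly denies it.
function isAllowed(policies: PolicyDocument[], action: string, resource: string): boolean {
  let allowed = false;
  for (const doc of policies) {
    for (const s of doc.Statement) {
      const hit = s.Action.some(a => matches(a, action, true)) &&
                  s.Resource.some(r => matches(r, resource, false));
      if (!hit) continue;
      if (s.Effect === "Deny") return false; // explicit deny beats every allow
      allowed = true;
    }
  }
  return allowed;
}

// Usage: the role with no policy fails, the role with the PutItem policy succeeds,
// and the same policy does not leak other actions or other tables.
console.log(isAllowed([], "dynamodb:PutItem", EXAMPLE_TABLE_ARN));                   // false
console.log(isAllowed([putItemPolicy(EXAMPLE_TABLE_ARN)], "dynamodb:PutItem", EXAMPLE_TABLE_ARN)); // true
console.log(isAllowed([putItemPolicy(EXAMPLE_TABLE_ARN)], "dynamodb:DeleteItem", EXAMPLE_TABLE_ARN)); // false
```

In CDK the same grant is attached to the role behind the construct with `construct.lambdaFunction.addToRolePolicy(new iam.PolicyStatement({ actions: ['dynamodb:PutItem'], resources: [table.tableArn] }))`; `table.grantWriteData(fn)` also works but grants more than PutItem.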