0

当我尝试从 AWS Lambda 查询 AWS Keyspaces(托管 Cassandra)时,我收到此错误:

{
  "errorType": "AggregateException",
  "errorMessage": "One or more errors occurred. (All hosts tried for query failed (tried 11.11.111.11:9142: UnauthorizedException 'User arn:aws:iam::111111111111:user/user-for-keyspaces has no permissions.'; 11.11.111.11:9142: UnauthorizedException 'User arn:aws:iam::111111111111:user/user-for-keyspaces has no permissions.'))",
  "stackTrace": [
    "at lambda_method(Closure , Stream , Stream , LambdaContextInternal )"
  ],
  "cause": {
    "errorType": "NoHostAvailableException",
...

但是在密钥空间的 AWS 控制台中,我看不到任何地方可以添加权限。

用户策略user-for-keyspaces已经附加了这个:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "cassandra:*"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

如何在 AWS Keyspaces 中添加权限?

4

2 回答 2

2

你应该只需要 cassandra

{
        "Statement": [
          {
            "Sid": "keyspaces-full-access",
            "Principal": "*",
            "Action": [
              "cassandra:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
          }
        ]
      }

此外,Amazon Keyspaces 会在您账户中的 system.peers 表中填充一个条目,其中包含 VPC 终端节点可用的每个可用区的条目。要在 system.peers 表中查找和存储可用的接口 VPC 终端节点,Amazon Keyspaces 要求您授予用于连接到 Amazon Keyspaces 的 IAM 实体访问权限,以在您的 VPC 中查询终端节点和网络接口信息。

   {
   "Version":"2012-10-17",
   "Statement":[
      {
         "Sid":"ListVPCEndpoints",
         "Effect":"Allow",
         "Action":[
            "ec2:DescribeNetworkInterfaces",
            "ec2:DescribeVpcEndpoints"
         ],
         "Resource":"*"
      }
   ]
}

在此处了解有关 VPC 终端节点的更多信息

于 2021-08-18T20:17:51.050 回答
0

问题实际上与错误消息中的用户无关,而是我为 Keyspaces 创建的 VPC 端点。

端点需要cassandra:*权限才能执行查询,例如

      {
        "Statement": [
          {
            "Sid": "keyspaces-full-access",
            "Principal": "*",
            "Action": [
              "cassandra:*",
              "keyspaces:*"
            ],
            "Effect": "Allow",
            "Resource": "*"
          }
        ]
      }
于 2021-02-04T11:32:39.897 回答