0

我创建了一个模型,当我在本地机器上运行我的后端函数时它正在工作,但是当它使用 AWS 时,我在查询表时遇到了身份验证问题:

2022-02-18T08:54:58.149Z    31785a81-ea8c-434b-832f-6dcff583c01c    ERROR   Unhandled Promise Rejection     
{
    "errorType": "Runtime.UnhandledPromiseRejection",
    "errorMessage": "AccessDeniedException: User: arn:aws:sts::xxxxxxxxx:assumed-role/dev-production-history-role/ppc-backend-functions-dev-queryProductionHistoryItems is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:eu-west-1:xxxxxxxxxxxx:table/dev-production-history-table",
    "trace": [
        "Runtime.UnhandledPromiseRejection: AccessDeniedException: User: arn:aws:sts::xxxxxxxxx:assumed-role/dev-production-history-role/ppc-backend-functions-dev-queryProductionHistoryItems is not authorized to perform: dynamodb:CreateTable on resource: arn:aws:dynamodb:eu-west-1:xxxxxxxxx:table/dev-production-history-table",
        "    at process.<anonymous> (/var/runtime/index.js:35:15)",
        "    at process.emit (events.js:400:28)",
        "    at processPromiseRejections (internal/process/promises.js:245:33)",
        "    at processTicksAndRejections (internal/process/task_queues.js:96:32)"
    ]
}

这就是我的模型的定义方式:

const model = dynamoose.model<ProductionHistory>(DatabaseTableNames.productionHistoryTable, {schema});

从查看可能的解决方案来看,似乎添加{“create”: false}参数可能会解决问题,但在 Dynamoose 版本 3 中,您无法添加三个参数,因此这不起作用:

 const model = dynamoose.model<ProductionHistory>(DatabaseTableNames.productionHistoryTable,
    schema, {“create”: false});

有谁知道如何克服这个问题,以便它适用于 Dynamoose 版本 3?

我已经按照 Charlie Fish 的建议进行了更改,现在出现以下错误:

2022-02-18T16:39:39.211Z    b00a36b8-c612-4886-b9fc-da7084527bf0    INFO    AccessDeniedException: User: arn:aws:sts::874124979428:assumed-role/dev-production-history-role/ppc-backend-functions-dev-queryProductionHistoryItems is not authorized to perform: dynamodb:Query on resource: arn:aws:dynamodb:eu-west-1:874124979428:table/dev-production-history-table
    at deserializeAws_json1_0QueryCommandError (/var/task/node_modules/dynamoose/node_modules/@aws-sdk/client-dynamodb/dist-cjs/protocols/Aws_json1_0.js:2984:41)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at async /var/task/node_modules/dynamoose/node_modules/@aws-sdk/middleware-serde/dist-cjs/deserializerMiddleware.js:7:24
    at async /var/task/node_modules/dynamoose/node_modules/@aws-sdk/middleware-signing/dist-cjs/middleware.js:11:20
    at async StandardRetryStrategy.retry (/var/task/node_modules/dynamoose/node_modules/@aws-sdk/middleware-retry/dist-cjs/StandardRetryStrategy.js:51:46)
    at async /var/task/node_modules/dynamoose/node_modules/@aws-sdk/middleware-logger/dist-cjs/loggerMiddleware.js:6:22
    at async main (/var/task/node_modules/dynamoose/dist/aws/ddb/internal.js:6:20)
    at async /var/task/node_modules/dynamoose/dist/ItemRetriever.js:105:32
    at async Object.queryByDate (/var/task/functions/production-history/query.js:1:1723)
    at async Runtime.l [as handler] (/var/task/functions/production-history/query.js:1:1974) {
  __type: 'com.amazon.coral.service#AccessDeniedException',
  '$fault': 'client',
  '$metadata': {
    httpStatusCode: 400,
    requestId: 'DCB6SNOH9O2NTRAS9LL3OJGEU7VV4KQNSO5AEMVJF66Q9ASUAAJG',
    extendedRequestId: undefined,
    cfId: undefined,
    attempts: 1,
    totalRetryDelay: 0
  },
  '$response': HttpResponse {
    statusCode: 400,
    headers: {
      server: 'Server',
      date: 'Fri, 18 Feb 2022 16:39:39 GMT',
      'content-type': 'application/x-amz-json-1.0',
      'content-length': '331',
      connection: 'keep-alive',
      'x-amzn-requestid': 'DCB6SNOH9O2NTRAS9LL3OJGEU7VV4KQNSO5AEMVJF66Q9ASUAAJG',
      'x-amz-crc32': '2950006190'
    },
    body: IncomingMessage {
      _readableState: [ReadableState],
      _events: [Object: null prototype],
      _eventsCount: 2,
      _maxListeners: undefined,
      socket: null,
      httpVersionMajor: 1,
      httpVersionMinor: 1,
      httpVersion: '1.1',
      complete: true,
      headers: [Object],
      rawHeaders: [Array],
      trailers: {},
      rawTrailers: [],
      aborted: false,
      upgrade: false,
      url: '',
      method: null,
      statusCode: 400,
      statusMessage: 'Bad Request',
      client: [TLSSocket],
      _consuming: false,
      _dumped: false,
      req: [ClientRequest],
      [Symbol(kCapture)]: false,
      [Symbol(RequestTimeout)]: undefined
    }
  }
}

这是我现在的代码:

const model = dynamoose.model<ProductionHistory>(DatabaseTableNames.productionHistoryTable, schema);
const Table = new dynamoose.Table(DatabaseTableNames.productionHistoryTable, [model], {"create": false, "waitForActive": false});

有任何想法吗?

4

1 回答 1

0

免责声明:此答案基于 Dynamoose v3.0.0 beta 1。基于 beta 版本的答案可能很快就会过时,因此请务必检查您的 Dynamoose 版本的任何更新详细信息。

在 Dynamoose v3 中,引入了一个名为Table. 这表示单个 DynamoDB 表。在之前的 Dynamoose 版本中,aModel表示单个 DynamoDB 表,但基于 API 还可以表示数据结构中的特定实体或模型(例如电影、订单、用户等)。当涉及到单表设计结构时,这尤其会导致复杂性和混乱。

就代码而言,这意味着以下内容。

// If you have the following code in v2:

const User = dynamoose.model("User", {"id": String});

// It will be converted to this in v3:

const User = dynamoose.model("User", {"id": String});
const DBTable = new dynamoose.Table("DBTable", [User]);

所以基本上你根据你的模型创建一个新的表实例。在 v3 中,如果您尝试使用模型而不基于它创建 Table 实例,它将引发错误。

一旦你这样做了,你的 Table 构造函数的第三个参数,你可以传入设置。曾经的其中之一create。因此,您可以将其设置为 false 作为该参数。

您的代码具体如下所示:

const model = dynamoose.model<ProductionHistory(DatabaseTableNames.productionHistoryTable, schema);
const DBTable = new dynamoose.Table(DatabaseTableNames.productionHistoryTable, [model], {"create": false});
于 2022-02-18T15:23:17.980 回答