I am trying to integrate Spring Boot with DynamoDB and seems like i am running into the access denied issue.
Here is what I have already done
- Created a new user
- Created a user group and assigned the user to the group.
- Created the policy with the access to dynamodb as a resource for put, get and delete.
- Assigned the policy to the user group
I am still not able to understand why the programmatic connection to dynamodb is providing me access denied.
Here is source code for the config class.
public class DynamoDbConfig {
@Value("${aws.access.key}")
private String awsAccessKey;
@Value("${aws.access.secret-key}")
private String awsSecretKey;
@Value("${aws.dynamodb.endpoint}")
private String awsDynamoDBEndPoint;
@Value("${aws.region:}")
private String awsRegion;
@Bean
public AWSCredentials amazonAWSCredentials(){
return new BasicAWSCredentials(awsAccessKey, awsSecretKey);
}
public AWSCredentialsProvider amazonAWSCredentialsProvider(){
return new AWSStaticCredentialsProvider(amazonAWSCredentials());
}
public AmazonDynamoDB amazonDynamoDB(){
return AmazonDynamoDBClientBuilder.standard()
.withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(awsDynamoDBEndPoint, awsRegion))
.withCredentials(amazonAWSCredentialsProvider())
.build();
}
@Bean
public DynamoDBMapper mapper(){
return new DynamoDBMapper(amazonDynamoDB());
}
Already checked it out that the config properties are being loaded correct.
Is there something that I am missing ?
Any help will be greatful.
Thanks
CodePudding user response:
I found a way to resolve this.
Attach the AWS managed Full DynamoDB Access policy to the group. For development or POC purposes it is ok but its a best practice to restrict the access to the resource through the policy.
This is what I did to gave access
"Action": [
"sns:Publish",
"dynamodb:*"
],
CodePudding user response:
For the best practice please follow link fine-grained access control