How do I attach BatchWriteItem Permission to my IAM role policy?

Hey, I just started with Serverless, so I am trying to be as precise as possible with my problem.

I am using AWS AppSync DynamoDB resolvers to use GraphQL to store and retrieve data in my Amazon DynamoDB table. Everything was working fine until I wanted to use Batch operations, specifically BatchDeleteItem.

I got the error that my user was missing the necessary permissions even though I specified in my Serverless.yml file the following:

    - Effect: "Allow"
      Action:
      - dynamodb:DescribeTable
      - dynamodb:Query
      - dynamodb:Scan
      - dynamodb:GetItem
      - dynamodb:PutItem
      - dynamodb:UpdateItem
      - dynamodb:DeleteItem
      - dynamodb:BatchWriteItem
      - dynamodb:BatchDeleteItem

I went into the IAM Management console and saw that within the created policy BatchWriteItem and BatchDeleteItem were missing:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": [
            "dynamodb:DeleteItem",
            "dynamodb:GetItem",
            "dynamodb:PutItem",
            "dynamodb:Query",
            "dynamodb:Scan",
            "dynamodb:UpdateItem"
          ],
          "Resource": [
            "arn:aws:dynamodb:eu-central-1:MYID:table/MYTABLENAME",
            "arn:aws:dynamodb:eu-central-1:MYID:table/MYTABLENAME/*"
          ],
          "Effect": "Allow"
        }
      ]
    }

When I add the necessary permission manually to the policy everything is working. But it is really important for me that this policy is created over the serverless.yml file and sls deploy.

Am I missing something here?

Thanks Ben!

Hi Ben,

I think you might have found the answer by now. But if not, here it is.
There is no BatchDeleteItem. There is only BatchWriteItem. This can be used to delete up to 25 items.

BatchWriteItem – Deletes up to 25 items from one or more tables. This is more efficient than calling DeleteItem multiple times because your application only needs a single network round trip to delete the items. You can also use BatchWriteItem for adding multiple items to one or more tables.
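
The check below is an added example, not part of the original thread: it compares the actions a deployed policy allows with the IAM actions that the AppSync DynamoDB resolver operations in use require, and flags entries such as `dynamodb:BatchDeleteItem` that name a resolver operation rather than an IAM action. The function names `allowed_patterns` and `audit` are hypothetical, and the check looks only at `Allow` statements' `Action` lists (it does not evaluate `Resource`, `Deny` or conditions).

```python
import fnmatch

# Mapping assumed for this example: AppSync DynamoDB resolver operation ->
# IAM action needed on the table. Batch puts and deletes both use BatchWriteItem.
RESOLVER_TO_IAM = {
    "GetItem": "dynamodb:GetItem",
    "PutItem": "dynamodb:PutItem",
    "UpdateItem": "dynamodb:UpdateItem",
    "DeleteItem": "dynamodb:DeleteItem",
    "Query": "dynamodb:Query",
    "Scan": "dynamodb:Scan",
    "BatchGetItem": "dynamodb:BatchGetItem",
    "BatchPutItem": "dynamodb:BatchWriteItem",
    "BatchDeleteItem": "dynamodb:BatchWriteItem",
}

def allowed_patterns(policy):
    """Collect the Action patterns of every Allow statement (string or list)."""
    patterns = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        patterns += [actions] if isinstance(actions, str) else list(actions)
    return patterns

def audit(policy, resolver_ops):
    """Return (missing IAM actions, policy entries that are not IAM actions)."""
    patterns = allowed_patterns(policy)
    def granted(action):
        # IAM action names are case-insensitive and may contain * wildcards.
        return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)
    missing = sorted({RESOLVER_TO_IAM[op] for op in resolver_ops
                      if not granted(RESOLVER_TO_IAM[op])})
    bogus = sorted(p for p in patterns
                   if p.split(":")[-1] in RESOLVER_TO_IAM
                   and p not in RESOLVER_TO_IAM.values())
    return missing, bogus

# The deployed policy from the question (account and table are placeholders).
DEPLOYED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:DeleteItem", "dynamodb:GetItem", "dynamodb:PutItem",
               "dynamodb:Query", "dynamodb:Scan", "dynamodb:UpdateItem"],
    "Resource": ["arn:aws:dynamodb:eu-central-1:MYID:table/MYTABLENAME"]}]}

if __name__ == "__main__":
    print(audit(DEPLOYED, ["Query", "BatchDeleteItem"]))
```

Run against the policy JSON exported from the IAM console after `sls deploy`, it reports a missing `dynamodb:BatchWriteItem` before the resolver fails at request time.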