[SOLVED] DynamoDB permission issue with ListTables

I am currently testing building a RESTful API with DynamoDB as the data backend. I have successfully gotten a create function utilising PutItem to work with no problem, but now I am trying to run a function that makes a ListTables call, and I am receiving a permissions error (I added the 0’s myself below):

AccessDeniedException: User: arn:aws:sts::0000000000:assumed-role/serverless-http-test-dev-us-east-1-lambdaRole/serverless-http-test-dev-api_handle is not authorized to perform: dynamodb:ListTables on resource: *]

My iamRoleStatements under the provider configuration is:

iamRoleStatements:
    - Effect: "Allow"
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
        - dynamodb:ListTables
        - dynamodb:DescribeTable
      Resource: "arn:aws:dynamodb:us-east-1:*:*"

Any help would be appreciated

1 Like

Funny how this happens. Just solved the issue myself. I was researching some more and it seems that according to http://docs.aws.amazon.com/amazondynamodb/latest/developerguide/api-permissions-reference.html my resource designation was too narrow. ListTables operates at the global resource level. In other words my yml has changed to:

iamRoleStatements:
    - Effect: "Allow"
      Action:
        - dynamodb:*
      Resource: "*"
2 Likes

Thanks man, this was really useful for me… I had a similar issue, and really it is not so easy to access Amazon’s documentation… well, sometimes it is not… thank you!!
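
A narrower alternative to the `dynamodb:*` on `*` grant in the fix above, added here as an example and not part of the original thread: only ListTables needs `Resource: "*"`, while the item and table actions stay scoped to one table. The table name `example-table` is a placeholder assumption; the region and account wildcard follow the original post.

```yaml
# Added example, not from the original thread.
# "example-table" is a hypothetical table name; replace it with your own.
iamRoleStatements:
    # ListTables does not support resource-level permissions,
    # so it is the only action that has to be granted on "*".
    - Effect: "Allow"
      Action:
        - dynamodb:ListTables
      Resource: "*"
    # Item and table actions remain scoped to a single table.
    - Effect: "Allow"
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
        - dynamodb:DescribeTable
      Resource:
        - "arn:aws:dynamodb:us-east-1:*:table/example-table"
        # Only needed if Query or Scan run against secondary indexes.
        - "arn:aws:dynamodb:us-east-1:*:table/example-table/index/*"
```

With this split, a compromised or buggy function can enumerate table names but cannot read, write, or delete data in other tables or call table-management actions such as DeleteTable.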