User is not authorized to access this resource

I have this config in my serverless.yml file, which I've been using on my other projects, where it works:

iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:*Item
      Resource: "arn:aws:dynamodb:ap-southeast-2:<account>:table/PB*"

I even tried this yml format:

iamRoleStatements:
    - Effect: Allow
      Action:
        - dynamodb:Query
        - dynamodb:Scan
        - dynamodb:GetItem
        - dynamodb:PutItem
        - dynamodb:UpdateItem
        - dynamodb:DeleteItem
      Resource: "arn:aws:dynamodb:ap-southeast-2:<account>:table/PB*"

But I still get this error:

{
    "Message": "User is not authorized to access this resource"
}

I recently had this issue, and the problem was with authorization caching. I was getting the exact same error message.

I fixed this in the API Gateway dashboard. Under the API that was causing the issue, there is a section for the Authorizers. Click edit, and uncheck “Authorization Caching”. Then make sure to re-deploy your API after clicking save.


Thanks for saving me lots of neurons :)

Disabling caching may not be the correct way to go. You may refer to this answer.

In short, when you authorize the request, the event.methodArn contains the request path as well, which means that if this is cached, only this specific request may be used. The answer provides a solution.
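The caching behaviour described in the last reply, as an added example that is not code from this thread or from the linked answer: a policy whose Resource is the exact `event.methodArn` is only valid for that one route once cached, while a policy listing every route the caller may invoke stays correct when reused. The token table, route list, account id and API id are constructed, and `policyAllows` is a simplified model of wildcard matching, not API Gateway's own evaluator.

```javascript
// Constructed stand-in for real token validation (JWT, session lookup, ...).
const TOKENS = { 'constructed-token': { id: 'user-1', routes: ['GET/items', 'GET/items/*', 'POST/items'] } };
const verifyToken = (token) => TOKENS[token] || null;

// methodArn: arn:aws:execute-api:{region}:{account}:{apiId}/{stage}/{verb}/{path}
function stageBase(methodArn) {
  const parts = methodArn.split(':');
  if (parts.length < 6 || parts[2] !== 'execute-api') throw new Error('not a method ARN');
  const [apiId, stage, verb] = parts[5].split('/');
  if (!apiId || !stage || !verb) throw new Error('malformed method ARN');
  return `${parts.slice(0, 5).join(':')}:${apiId}/${stage}`;
}

function policy(principalId, resources) {
  return { principalId, policyDocument: { Version: '2012-10-17',
    Statement: [{ Action: 'execute-api:Invoke', Effect: 'Allow', Resource: resources }] } };
}

// Cache-unsafe: allows only the route that happened to trigger the authorizer.
const exactPolicy = (id, methodArn) => policy(id, [methodArn]);

// Cache-safe: lists every route this principal may call in the stage, so the
// decision does not depend on which request populated the cache.
const scopedPolicy = (id, methodArn, routes) =>
  policy(id, routes.map((r) => `${stageBase(methodArn)}/${r}`));

// Simplified model of checking a (possibly cached) policy against a request.
function policyAllows(p, methodArn) {
  return p.policyDocument.Statement.some((s) =>
    s.Effect === 'Allow' && [].concat(s.Resource).some((pattern) => {
      const re = pattern.replace(/[.+^${}()|[\]\\]/g, '\\$&')
        .replace(/\*/g, '.*').replace(/\?/g, '.');
      return new RegExp(`^${re}$`).test(methodArn);
    }));
}

// Lambda TOKEN authorizer; export this as the function's handler.
async function handler(event) {
  const principal = verifyToken(event.authorizationToken);
  if (!principal) throw new Error('Unauthorized'); // API Gateway answers 401
  return scopedPolicy(principal.id, event.methodArn, principal.routes);
}
```

Keep the route list as narrow as the caller's real permissions: replacing it with a single `*/*` also survives caching, but it grants the token every method in the stage.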