You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hey, I'm trying to define a mutation using function resolver created with amplify function add, that would perform a batch update on dynamodb tables created by appsync graphql api - I basically need to perform a few updates as one atomic operation.
When I call the mutation though, it fails with following error:
GraphQL error: User: arn:aws:sts::111111111111:assumed-role/appnameLambdaRole1234abcd-dev/appname-resolvers-dev is not authorized to perform: dynamodb:GetItem on resource: arn:aws:dynamodb:eu-west-1:111111111111:table/Tablename-dev
While I could attach appropriate policy to the role, it doesn't seem a good solution, I'd like to keep that in my code. I've tried using amplify function update but it doesn't let me allow the function to access the storage used by appsync.
How can I actually do this?
The text was updated successfully, but these errors were encountered:
@TeoTN Currently the function module doesn't allow you to add/edit permissions for the DDB tables created by the GraphQL transformer. But there's a PR out for it - #2463 which would enable you to do that. For now you would have to maintain a custom stack to do this.
Hey, I'm trying to define a mutation using function resolver created with
amplify function add
, that would perform a batch update on dynamodb tables created by appsync graphql api - I basically need to perform a few updates as one atomic operation.When I call the mutation though, it fails with following error:
While I could attach appropriate policy to the role, it doesn't seem a good solution, I'd like to keep that in my code. I've tried using
amplify function update
but it doesn't let me allow the function to access the storage used by appsync.How can I actually do this?
The text was updated successfully, but these errors were encountered: