问题描述
当我尝试从 AWS Lambda 查询 AWS Keyspaces(托管 Cassandra)时,我收到此错误:
{
"errorType": "AggregateException","errorMessage": "One or more errors occurred. (All hosts tried for query Failed (tried 11.11.111.11:9142: UnauthorizedException 'User arn:aws:iam::111111111111:user/user-for-keyspaces has no permissions.'; 11.11.111.11:9142: UnauthorizedException 'User arn:aws:iam::111111111111:user/user-for-keyspaces has no permissions.'))","stackTrace": [
"at lambda_method(Closure,Stream,LambdaContextInternal )"
],"cause": {
"errorType": "NoHostAvailableException",...
但在密钥空间的 AWS 控制台中,我没有看到任何地方可以添加权限。
user-for-keyspaces 的用户政策已附加此内容:
{
"Version": "2012-10-17","Statement": [
{
"Action": [
"cassandra:*"
],"Effect": "Allow","Resource": "*"
}
]
}
如何在 AWS Keyspaces 中添加权限?
解决方法
问题实际上与错误消息中的用户无关,而是我为 Keyspaces 创建的 VPC 端点。
端点需要 cassandra:* 权限才能执行查询,例如
{
"Statement": [
{
"Sid": "keyspaces-full-access","Principal": "*","Action": [
"cassandra:*","keyspaces:*"
],"Effect": "Allow","Resource": "*"
}
]
}