I am developing an AWS Lambda based application which uses go SDK.
I have multiple functions which make calls to DynamoDB APIs.
Currently in each every function I am creating the session.
Instead of this I am thinking, if I can create a common method which can create a session. This session can be used by other functions.
The code snippet is as below -
func GetDynamoDbConnection(customerId string) *dynamodb.DynamoDB {
roleArn := constants.IAM_ROLE_ARN_PREFIX + constants.AWS_ACCOUNT_ID + ":" + constants.IAM_ROLE_STR + constants.IAM_CUST_ROLE_PREFIX + "-" + customerId
sess := session.Must(session.NewSession())
creds := stscreds.NewCredentials(sess, roleArn)
dynamoDbSession := dynamodb.New(sess, &aws.Config{Credentials: creds})
return dynamoDbSession
}
I call this function as below -
dbInfo := utils.GetDynamoDbConnection(customerId)
But when I use this session to make DynamoDb calls, it doesn't work. I get an error - Access Denied.
But if I create the session in the same function where I am using it, it works.
Any pointers?
The code seems to be fine. Do make sure that the function calls inside the GetDynamoDbConnection are getting the apt parameters and returning the expected data.
Here, the error Access Denied probably hints that the Role ARN might not be correctly configured in the stscreds.NewCredentials function. So, check if the RoleARN string has the appropriate value.