I'm using assumed role and passing the keys to credstash along with session token. All this in Python (not CLI). However I'm unable to query the dynamoDB table correctly.
User: arn:aws:sts::ACCOUNT_B:assumed-role/CrossAccountCredstashRole not authorized to perform: dynamodb:Scan on resource: arn:aws:dynamodb:us-east-1:ACCOUNT_B:table/credential-store
It appears credstash is trying to query ACCOUNT_B table when it actually exists in ACCOUNT_A. If I specify table= I get validation error:
An error occurred (ValidationException) when calling the Scan operation: 1 validation error detected: Value 'arn:aws:dynamodb:us-east-1:ACCOUNT_A:table/credential-store' at 'tableName' failed to satisfy constraint: Member must satisfy regular expression pattern: [a-zA-Z0-9_.-]+
I'm using assumed role and passing the keys to credstash along with session token. All this in Python (not CLI). However I'm unable to query the dynamoDB table correctly.
Code:
Error:
It appears credstash is trying to query ACCOUNT_B table when it actually exists in ACCOUNT_A. If I specify table= I get validation error:
ref: https://github.com/fugue/credstash/wiki/Setting-up-cross-account-access
any way to resolve this?