Can not show the dynamodb from china ip

0

I use my user(FBCN1496) to access dynamodb from china ip found that dynamodb data can not shown, dynamodb table list can be shown normally. please refer to attached file db.pgn.

I guess ServiceControlPolicy setting reason cause this, but I cannot confirm it
because I can not get the error log by cloudtrail.

the attached file cloudtrail.png, the left side is access from china ip, the right side is right case by japan ip.

would you please help me check the reason?

best regards.

Enter image description here Browser side connect timeout happened, the client network performance is no problem, but why connect timeout?

Enter image description here

posta 2 mesi fa77 visualizzazioni
1 Risposta
1
Risposta accettata

Hello.

I suspect that the IP address is blocked on the AWS side.
So, why not tell AWS Support the IP address you are using to access from China and check if it is blocked?
Is it possible that your ISP is blocking access to DynamoDB?
If you have a problem like this, I think you can open a case with AWS Support under "Account and billing" and they will check it for you.
Inquiries under "Account and billing" can be made free of charge.
https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

I guess ServiceControlPolicy setting reason cause this, but I cannot confirm it because I can not get the error log by cloudtrail.

By the way, is there any reason why you thought SCP was the cause?
If it is denied by SCP, I think you will get something like 403 access denied instead of a timeout error.

profile picture
ESPERTO
con risposta 2 mesi fa
profile picture
ESPERTO
verificato 2 mesi fa
profile pictureAWS
ESPERTO
verificato 2 mesi fa
  • If it is denied by SCP, I think you will get something like 403 access denied instead of a timeout error.

    so you think that the aws account adminstrator user settings do not cause the issue, but aws internal setting or block cause the issue, is it right?

  • Yes, either your ISP, firewall or AWS may be blocking access. Usually, if the operation is blocked by SCP or IAM policy, a 403 error etc. will occur. I don't think there will be any timeout errors. https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html#access-denied-error-examples

  • Thank you your answer. For ISP, I think It's difficult to only block db data access, dynamodb table list can be shown normally. so I think only aws side can do this.

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Linee guida per rispondere alle domande