Can not show the dynamodb from china ip

0

I use my user(FBCN1496) to access dynamodb from china ip found that dynamodb data can not shown, dynamodb table list can be shown normally. please refer to attached file db.pgn.

I guess ServiceControlPolicy setting reason cause this, but I cannot confirm it
because I can not get the error log by cloudtrail.

the attached file cloudtrail.png, the left side is access from china ip, the right side is right case by japan ip.

would you please help me check the reason?

best regards.

Enter image description here Browser side connect timeout happened, the client network performance is no problem, but why connect timeout?

Enter image description here

steven
asked a month ago56 views
1 Answer
1
Accepted Answer

Hello.

I suspect that the IP address is blocked on the AWS side.
So, why not tell AWS Support the IP address you are using to access from China and check if it is blocked?
Is it possible that your ISP is blocking access to DynamoDB?
If you have a problem like this, I think you can open a case with AWS Support under "Account and billing" and they will check it for you.
Inquiries under "Account and billing" can be made free of charge.
https://docs.aws.amazon.com/awssupport/latest/user/case-management.html

I guess ServiceControlPolicy setting reason cause this, but I cannot confirm it because I can not get the error log by cloudtrail.

By the way, is there any reason why you thought SCP was the cause?
If it is denied by SCP, I think you will get something like 403 access denied instead of a timeout error.

profile picture
EXPERT
answered a month ago
profile picture
EXPERT
reviewed a month ago
profile pictureAWS
EXPERT
reviewed a month ago
  • If it is denied by SCP, I think you will get something like 403 access denied instead of a timeout error.

    so you think that the aws account adminstrator user settings do not cause the issue, but aws internal setting or block cause the issue, is it right?

  • Yes, either your ISP, firewall or AWS may be blocking access. Usually, if the operation is blocked by SCP or IAM policy, a 403 error etc. will occur. I don't think there will be any timeout errors. https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html#access-denied-error-examples

  • Thank you your answer. For ISP, I think It's difficult to only block db data access, dynamodb table list can be shown normally. so I think only aws side can do this.

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions