Dustin Coates in Alexa

Adding DynamoDB Permissions to ASK CLI Created Skills

The ASK CLI has been a fantastic addition to Alexa Skills Kit developers’ work flows. It has largely erased the need to go to the browser to set up an Alexa Skill. There are a couple of situations where it isn’t end-to-end, and one of those is one that will come up for nearly all skills: as soon as you want to use DynamoDB with a skill, you need to add the correct permissions through IAM.

Adding what you need is a few steps, but thankfully nothing too bad. First go into the IAM console and navigate to where it says “Roles.” What you’ll see is that listed there is a role that corresponds to “ask-lambda” plus the skill name. Click into it.

On the next screen, go to “Add inline policy” and then “Custom policy.” Give it whatever name you’d like and paste the following for the “Policy Document.”

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:CreateTable",
                "dynamodb:DeleteItem",
                "dynamodb:GetItem",
                "dynamodb:PutItem",
                "dynamodb:UpdateItem"
            ],
            "Resource": [
                "arn:aws:dynamodb:*:*:*"
            ]
        }
    ]
}

Click on “Apply policy” and you’re done. You’re now able to use DynamoDB in your ASK CLI created skill.