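- 确保你的IAM角色具有访问DynamoDB的权限,可以尝试使用以下权限(示例中的 Resource 只是占位写法,缺少区域、账户ID和表名;使用时请替换为实际表的ARN,格式为 arn:aws:dynamodb:<区域>:<账户ID>:table/<表名>,并只保留函数实际需要的操作):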
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:BatchGetItem",
"dynamodb:GetRecords",
"dynamodb:GetShardIterator",
"dynamodb:Query",
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:UpdateItem",
"dynamodb:DeleteItem"
],
"Resource": "arn:aws:dynamodb:::table/"
},
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:ListTables"
],
"Resource": "*"
}
]
}
- 在CloudFormation模板中,将函数资源的 Role 属性设置为该角色的ARN。例如,如果你的IAM角色名为 my-role-name,则按如下方式设置Lambda@Edge函数的角色ARN:
# Lambda function defined with inline code; its execution role ARN is built
# from the current account ID and the role name my-role-name.
MyLambda:
  Type: AWS::Lambda::Function
  Properties:
    FunctionName: my-function-name
    # NOTE(review): nodejs14.x is a deprecated Lambda runtime. The handler loads
    # the v2 SDK via require("aws-sdk"), which newer Node.js runtimes
    # (nodejs18.x and later) do not bundle, so a runtime upgrade also needs an
    # SDK change.
    Runtime: nodejs14.x
    # NOTE(review): the role's trust policy is not shown here; for Lambda@Edge
    # it must allow both lambda.amazonaws.com and edgelambda.amazonaws.com to
    # assume the role.
    Role: !Sub "arn:aws:iam::${AWS::AccountId}:role/my-role-name"
    Handler: index.handler
    Code:
      # !Sub also processes the inline code below: a dollar-brace placeholder
      # in it (for example a JS template literal) is treated as a
      # CloudFormation substitution unless escaped with "!" after the brace.
      ZipFile: !Sub |
        const AWS = require("aws-sdk");
        // NOTE(review): no region is passed to the client, so it presumably
        // uses the region the function executes in; a Lambda@Edge function
        // runs near the viewer, so confirm the client targets the table's region.
        const ddb = new AWS.DynamoDB.DocumentClient();
        exports.handler = async (event, context) => {
          // Writes the complete event and context objects to the log output.
          // NOTE(review): a CloudFront (Lambda@Edge) event carries the request
          // headers, which can include cookies and authorization values;
          // consider logging only the fields that are needed.
          console.log("event:", JSON.stringify(event, null, 2));
          console.log("context:", JSON.stringify(context, null, 2));
          ...
- 最后,确保你的Lambda@Edge函数已发布到地理上离DynamoDB最近的AWS区域。如果不是,请发布到离DynamoDB最近的AWS区域,以减少延迟和费用。(注意:Lambda@Edge函数本身只能在 us-east-1 区域创建,再由CloudFront复制到各边缘位置;函数在边缘区域执行时,需要在DynamoDB客户端中显式指定表所在的区域。)