Versions Compared

Old Version 16

changes.mady.by.user Leena Gopal

Saved on

compared with

New Version 17

changes.mady.by.user Leena Gopal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

In this article

Table of Contents
maxLevel2
absoluteUrltrue

Overview

Use this account type to connect DynamoDB Snaps with data sources that use DynamoDB accounts. The account now supports the IAM role, which can be selected by using the Authentication Types while setting up the account.

Prerequisites

None.

Limitations and Known Issues

None.

Account Settings

Image Removed

...

Required. Unique user-provided label for the account.

...

To create your DynamoDB Account, you must select the preferred Authentication Type options: User Credentials or IAM Role. The details are specified in the section DynamoDB Account Configuration Scenarios.

...


Asterisk ( * ): Indicates a mandatory field.

Info

  • Suggestion icon ( (blue star) ): Indicates a list that is dynamically populated based on the configuration.

  • Expression icon ( (blue star) ): Indicates the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon ( (blue star) ): Indicates that you can add fields in the fieldset.

  • Remove icon ( (blue star) ): Indicates that you can remove fields from the fieldset.

Field Name

Field Type

Field Dependency

Description

Label*

Default Value: None
Example: DynamoDB IAM Role

String

N/A

Specify a unique label for the account.

AWS Endpoint*

Default Value: None
Example: xyz876jhnJKBuya9730

String/Expression

 

N/A

Specify the AWS end point URL. See AWS Service end points for more information.

AWS Region*

Default Value: [None]
Example: us-east-1

String/Expression

 

N/A

Specify the AWS region where the application is running from the allowed values.

Authenthication Type

Dropdown List

N/A

Select the Authentication Type from the following options:

  • User Credentials

  • IAM Role

Info

Cross Account IAM Role details are displayed in the Account settings window irrespective of the listed dropdown option chosen.

AWS Access Key ID

Default Value: [None]
Example: us-east-1

String /Expression

Appears when you select User Credentials as Authentication Type.

Specify the access key ID associated with your AWS authentication.

N/AABCDEFGHIJKL1MNOPQRS

AWS Secret Key

String/Expression

Required. Enter

N/A

Specify the secret key associated with your AWS authentication.

N/AaBcdeFGhiJKLM/N1OPQRS/t

AWS Security Token

String/Expression

N/A

Specify the security token to get

temporary

access to AWS resources using

temporary 

credentials. (Are these credentials temporary?)

Cross Account IAM Role

Learn more about adding signature to the HTTP request - AWS General Reference.ap-northeast-1

Use this field set to configure the cross account access. Learn more about setting up Cross Account IAM Role.

Role ARN

Default Value: None
Example: arn:aws:iam::612864912850:role/EC2_to_assume_role

N/A

FwoGZXIvYXdzEB0aDFkcmar63IhkrPtdoCLyASlG9Sc
L8XqQ4OUDYojrrZ9vTBMZq7NykwIMBat1NkmfK
5gci0RGvH3v57aKNLgvY0e91m/F91lxXuj1E7X7s
bXJWrDIsWq7xJ5pBFBiiDsE2F8hE6xfkbj1po9
aie3zEJYpgCv7oyFQiH/hF8qQt1ozicpiUqeERn3Hqj+KazH7PowK
3Bznhw9gwkxqARGYZn7aeTtMgEnpA+Y8DcVY123elFUNr6U2u
V0YDF1M8xwQTAt3YcULEWYMWni0XSJs/a7nsQGgC1BxT9WM
6XnaMfq1MZ+jAopb3cZKrBvdO9AGSJ8bT5rnx8mZcXnmLjYWVZ
niKKr1lpQGMiuvAzTrqh2+1vRkZ7tkExBFy0nqJSmJLtm0ywGYurYQ++na7yeQxd026Ne6

AWS End PointString/ExpressionRequired. Enter the AWS end point URL. See AWS Service end points for more information.N/Adynamodb.us-west-1.amazonaws.comAWS RegionString/Expression

Enter the AWS region where the application is running. Allowed values are:

  • us-east-1
  • us-west-1
  • us-west-2
  • eu-west-1
  • eu-central-1
  • ap-southeast-1
  • ap-southeast-2
  • ap-northeast-1
  • sa-east-1
N/A

Specify the Amazon Resource Name (ARN) of the role to assume.

External ID

Default Value: None
Example: Encrypted

N/A

Specify an external ID that might be required by the role to assume.

DynamoDB Account Configuration Scenarios

Scenario description

Groundplex Type

Role attached to EC2 instance

Authentication Type and other details

When the Groundplex type is AWS EC2 and the role attached to the EC2 instance is DynamoDB access role.

AWS EC2-type

DynamoDB access role.

Select Authentication Type as IAM Role.

When the Groundplex type is AWS EC2 and the role attached to the EC2 instance is DynamoDB Cross Account access role.

AWS EC2-type

DynamoDB Cross Account access role.

Select Authentication Type as IAM Role and provide details for Cross account IAM Role.

When you do not have AWS-EC2 groundplex and the role attached to the EC2 instance is DynamoDB access role.

User does not have AWS-EC2 groundplex. Value is from local machine.

DynamoDB access role

Select Authentication Type as User Credentials and provide details for the following fields:

  • AWS Access Key ID

  • AWS Secret Key, and

  • AWS Security Token (optional).

When you do not have AWS-EC2 groundplex and the role attached to the EC2 instance is DynamoDB Cross Account access role.

User does not have AWS-EC2 groundplex. Value is from local machine.

DynamoDB Cross Account access role.

Select Authentication Type as User Credentials and provide details for the following fields:

  • AWS Access Key ID

  • AWS Secret Key, and

  • AWS Security Token (optional).

  • Cross account IAM Role.

Account Encryption

Standard Encryption

If

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

Enhanced Encryption

If you have the Enhanced Encryption feature, the account fields are encrypted for each sensitivity level as shown below for this account:

  • HighAWS access key ID, AWS secret key

  • Medium + HighAWS access key ID, AWS secret key

  • Low + Medium + HighAWS access key ID, AWS secret key

Dynamo DB Permissions

The ListTables permission requires all resources (*) to be selected (as it needs to be able to list all the DynamoDB tables), but the others can have policies that are more limited (for example, to a particular table) as per the DynamoDB API Permissions reference. The most basic and permissive Policy document that could be assigned to the user that would guarantee all the required permissions are granted would be:

Code Block
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1482439123852",
      "Action": [
        "dynamodb:BatchGetItem",
        "dynamodb:BatchWriteItem",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "dynamodb:Scan",
        "dynamodb:UpdateItem"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}

Troubleshooting

Error

Reason

Resolution

Failed to validate account: Failed to connect to service endpoint.

The connection to the host failed.

Verify that the cross IAM role is not attached to EC2 instance.


...

Insert excerpt
DynamoDB Snap Pack
DynamoDB Snap Pack
nopaneltrue