In this article
| Table of Contents | ||||
|---|---|---|---|---|
|
...
Scenario description | Groundplex Type | Role attached to EC2 instance | Authentication Type and other details |
|---|---|---|---|
When the Groundplex type is AWS EC2 and the role attached to the EC2 instance is DynamoDB access role. | AWS EC2-type | DynamoDB access role. | Select Authentication Type as IAM Role. |
When the Groundplex type is AWS EC2 and the role attached to the EC2 instance is DynamoDB Cross Account access role. | AWS EC2-type | DynamoDB Cross Account access role. | Select Authentication Type as IAM Role and provide details for Cross account IAM Role. |
When you do not have AWS-EC2 groundplex and the role attached to the EC2 instance is DynamoDB access role. | User does not have AWS-EC2 groundplex. Value is from local machine. | DynamoDB access role | Select Authentication Type as User Credentials and provide details for the following fields:
|
When you do not have AWS-EC2 groundplex and the role attached to the EC2 instance is DynamoDB Cross Account access role. | User does not have AWS-EC2 groundplex. Value is from local machine. | DynamoDB Cross Account access role. | Select Authentication Type as User Credentials and provide details for the following fields:
|
Account Encryption
Standard Encryption
|
Enhanced Encryption
If you have the Enhanced Encryption feature, the account fields are encrypted for each sensitivity level as shown below for this account:
High: AWS access key ID, AWS secret key
Medium + High: AWS access key ID, AWS secret key
Dynamo DB Permissions
The ListTables permission requires all resources (*) to be selected (as it needs to be able to list all the DynamoDB tables), but the others can have policies that are more limited (for example, to a particular table) as per the DynamoDB API Permissions reference. The most basic and permissive Policy document that could be assigned to the user that would guarantee all the required permissions are granted would be:
...