Overview
Use this account type to connect DynamoDB Snaps with data sources that use DynamoDB accounts. The account now supports the IAM role, which can be selected using the Authentication Type field when setting up the account.
Prerequisites
...
Limitations and Known Issues
None.
Account Settings
...
Required. Unique user-provided label for the account.
...
...
Field Name | Field Type | Field Dependency | Description |
---|---|---|---|
Label* Default Value: None | String | N/A | Specify a unique label for the account. |
AWS Endpoint* Default Value: None | String/Expression | N/A | Specify the AWS Endpoint URL. Refer to AWS Service Endpoints for more information. |
AWS Region* Default Value: None | String/Expression | N/A | Specify the AWS region where the application is running from the allowed values. |
Authentication Type | Dropdown List | N/A | Select either of the following Authentication Types to create your DynamoDB Account: Learn more about DynamoDB Account Configuration Scenarios. |
AWS Access Key ID Default Value: None | String/Expression | Appears when you select User Credentials as Authentication Type. | Specify the Access Key ID associated with your AWS authentication. |
AWS Secret Key Default Value: N/A Example: <Encrypted> | String/Expression | N/A | Specify the Secret Key associated with your AWS authentication. |
AWS Security Token Default Value: N/A Example: <Encrypted> | String/Expression | N/A | Specify the Security Token to get access to AWS resources using credentials. Note that only global Security Token Service (STS) regions are supported. |
Cross Account IAM Role | Use this field set to configure the cross-account access. Learn more about |
Enter the AWS region where the application is running. Allowed values are:
- us-east-1
- us-west-1
- us-west-2
- eu-west-1
- eu-central-1
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- sa-east-1
Account Encryption
...
Standard Encryption
...
If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.
...
Enhanced Encryption
...
If you have the Enhanced Encryption feature, the account fields are encrypted for each sensitivity level as shown below for this account:
High: AWS access key ID, AWS secret key
Medium + High: AWS access key ID, AWS secret key
Low + Medium + High: AWS access key ID, AWS secret key
...
Role ARN Default Value: N/A | N/A | Specify the Amazon Resource Name (ARN) of the role to assume. |
External ID Default Value: N/A | N/A | Specify an External ID that might be required by the role to assume. |
DynamoDB Account Configuration Scenarios
Scenario | Groundplex Type | Role attached to EC2 instance | Authentication Type and other details |
---|---|---|---|
When the Groundplex type is an AWS EC2 and the role attached to the EC2 instance is the DynamoDB access role. | AWS EC2-type | DynamoDB access role. | Select Authentication Type as the IAM Role. |
When the Groundplex type is an AWS EC2 and the role attached to the EC2 instance is the DynamoDB Cross-account access role. | AWS EC2-type | DynamoDB Cross-account access role. | Select Authentication Type as the IAM Role and provide details for the Cross-account IAM Role. |
When you do not have an AWS-EC2 Groundplex and the role attached to the EC2 instance is the DynamoDB access role. | User does not have an AWS-EC2 Groundplex. Value is from local machine. | DynamoDB access role | Select the Authentication Type as User Credentials and provide details for the following fields:
|
When you do not have an AWS-EC2 Groundplex and the role attached to the EC2 instance is the DynamoDB Cross-account access role. | User does not have an AWS-EC2 Groundplex. Value is from local machine. | DynamoDB Cross-account access role. | Select Authentication Type as User Credentials and provide details for the following fields:
|
DynamoDB Permissions
The ListTables permission requires all resources (*) to be selected, because it needs to be able to list all the DynamoDB tables, but the others can have policies that are more limited (for example, to a specific table) as per the DynamoDB API Permissions reference. The following is the most basic and permissive policy document that could be assigned to the user to guarantee that all the required permissions are granted:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1482439123852",
      "Action": [
        "dynamodb:BatchGetItem",
        "dynamodb:BatchWriteItem",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "dynamodb:Scan",
        "dynamodb:UpdateItem"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
```
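The narrower form described above, where ListTables stays on all resources and the remaining actions are limited to specific tables, can be derived from the permissive policy. The following is an added example, not SnapLogic or AWS code: the function names, the statement Sids and the table ARN (placeholder account ID and table name) are assumptions made for illustration.

```python
import json

# The page states ListTables must be granted on all resources ("*").
ACCOUNT_LEVEL_ACTIONS = {"dynamodb:ListTables"}

# The permissive policy from the page, embedded so the example runs offline.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Stmt1482439123852",
        "Effect": "Allow",
        "Action": [
            "dynamodb:BatchGetItem", "dynamodb:BatchWriteItem",
            "dynamodb:DescribeTable", "dynamodb:ListTables",
            "dynamodb:Scan", "dynamodb:UpdateItem",
        ],
        "Resource": "*",
    }],
}

def _as_list(value):
    """IAM accepts either a string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)

def wildcard_table_actions(policy):
    """Return table-level actions that an Allow statement grants on "*"."""
    found = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow" and "*" in _as_list(stmt.get("Resource", [])):
            found.update(set(_as_list(stmt.get("Action", []))) - ACCOUNT_LEVEL_ACTIONS)
    return sorted(found)

def scope_policy(policy, table_arns):
    """Keep ListTables on "*"; move every other allowed action to table_arns.
    Assumes plain Allow statements (no Condition, NotAction or Deny)."""
    allowed = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            allowed.update(_as_list(stmt.get("Action", [])))
    parts = [("ListAllTables", allowed & ACCOUNT_LEVEL_ACTIONS, "*"),
             ("TableScopedAccess", allowed - ACCOUNT_LEVEL_ACTIONS, list(table_arns))]
    return {"Version": policy["Version"],
            "Statement": [{"Sid": sid, "Effect": "Allow", "Action": sorted(acts),
                           "Resource": res} for sid, acts, res in parts if acts]}

# Constructed placeholder ARN (account ID and table name are not from the page).
EXAMPLE_TABLE_ARN = "arn:aws:dynamodb:us-east-1:123456789012:table/ExampleTable"

if __name__ == "__main__":
    print(json.dumps(scope_policy(PAGE_POLICY, [EXAMPLE_TABLE_ARN]), indent=2))
```

Running `wildcard_table_actions` on an existing policy lists the grants that could be narrowed; on the scoped output it returns an empty list.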
Troubleshooting
Error | Reason | Resolution |
---|---|---|
Failed to validate account: Failed to connect to service endpoint. | The connection to the host failed. | Verify that the Cross-account IAM role is not attached to the EC2 instance. Refer to https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/2671280328/Configure+an+IAM+Role+in+a+DynamoDB+Account#Attach-IAM-Role-to-Instance for additional information. |
AWS Access Key ID and AWS Secret Key are mandatory for Client Credentials. | The AWS Access Key and AWS Secret might be invalid. | Verify that a valid AWS Access Key ID and AWS Secret are provided. |
Failed to perform AssumeRole operation. | The following could be the reasons:
|
|
...