Use this account type to connect DynamoDB Snaps with data sources that use DynamoDB accounts. The account now supports the IAM role, which can be selected by using the Authentication Type when setting up the account.

Prerequisites

None.

Limitations and Known Issues

None.

Account Settings

To create your DynamoDB Account, you must select the preferred Authentication Type option: User Credentials or IAM Role. The details are specified in the section DynamoDB Account Configuration Scenarios.

Info
  • Asterisk ( * ): Indicates a mandatory field.
  • Suggestion icon: Indicates a list that is dynamically populated based on the configuration.
  • Expression icon: Indicates the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
  • Add icon: Indicates that you can add fields in the field set.
  • Remove icon: Indicates that you can remove fields from the field set.

Field Name

Field Type

Field Dependency

Description

Label*

Default Value: None
Example: DynamoDB IAM Role

String

N/A

Specify a unique label for the account.

AWS Endpoint*

Default Value: None
Example: xyz876jhnJKBuya9730

String/Expression

 

N/A

Specify the AWS Endpoint URL. Refer to AWS Service Endpoints for more information.

AWS Region*

Default Value: [None]
Example: us-east-1

String/Expression

 

N/A

Specify the AWS region where the application is running from the allowed values.

Authentication Type

Dropdown List

N/A

Select either of the following Authentication Types to create your DynamoDB Account:

  • User Credentials

  • IAM Role

Learn more about DynamoDB Account Configuration Scenarios.

Info

Cross Account IAM Role settings are available in the Account settings dialog box regardless of the Authentication Type you choose.

AWS Access Key ID

Default Value: [None]
Example: us-east-1

String/Expression

Appears when you select User Credentials as Authentication Type.

Specify the Access Key ID associated with your AWS authentication.

AWS Secret Key

Default Value: N/A
Example: <Encrypted>

String/Expression

N/A

Specify the Secret Key associated with your AWS authentication.

AWS Security Token

Default Value: N/A
Example: <Encrypted>

String/Expression

N/A

Specify the Security Token to get access to AWS resources using credentials. Note that only global Security Token Service (STS) regions are supported.

Cross Account IAM Role

Use this field set to configure the cross-account access. Learn more about Setting up Cross-Account IAM Role.

Role ARN

Default Value: N/A
Example: arn:aws:iam::612864912850:role/EC2_to_assume_role

N/A

Specify the Amazon Resource Name (ARN) of the role to assume.

External ID

Default Value: N/A
Example: <Encrypted>

N/A

Specify an External ID that might be required by the role to assume.

DynamoDB Account Configuration Scenarios

Scenario description: When the Groundplex type is an AWS EC2 and the role attached to the EC2 instance is the DynamoDB access role.
Groundplex Type: AWS EC2-type
Role attached to EC2 instance: DynamoDB access role.
Authentication Type and other details: Select Authentication Type as the IAM Role.

Scenario description: When the Groundplex type is an AWS EC2 and the role attached to the EC2 instance is the DynamoDB Cross-account access role.
Groundplex Type: AWS EC2-type
Role attached to EC2 instance: DynamoDB Cross-account access role.
Authentication Type and other details: Select Authentication Type as the IAM Role and provide details for the Cross-account IAM Role.

Scenario description: When you do not have an AWS-EC2 Groundplex and the role attached to the EC2 instance is the DynamoDB access role.
Groundplex Type: User does not have an AWS-EC2 Groundplex. Value is from local machine.
Role attached to EC2 instance: DynamoDB access role
Authentication Type and other details: Select the Authentication Type as User Credentials and provide details for the following fields:
  • AWS Access Key ID
  • AWS Secret Key
  • AWS Security Token (optional)

Scenario description: When you do not have an AWS-EC2 Groundplex and the role attached to the EC2 instance is the DynamoDB Cross-account access role.
Groundplex Type: User does not have an AWS-EC2 Groundplex. Value is from local machine.
Role attached to EC2 instance: DynamoDB Cross-account access role.
Authentication Type and other details: Select Authentication Type as User Credentials and provide details for the following fields:
  • AWS Access Key ID
  • AWS Secret Key
  • AWS Security Token (optional)
  • Cross-account IAM Role

DynamoDB Permissions

The ListTables permission requires all resources (*) to be selected (because it needs to be able to list all the DynamoDB tables), but the others can have policies that are more limited (for example, to a specific table) as per the DynamoDB API Permissions reference. Following is the most basic and permissive Policy document that could be assigned to the user that would guarantee all the required permissions are granted:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1482439123852",
      "Action": [
        "dynamodb:BatchGetItem",
        "dynamodb:BatchWriteItem",
        "dynamodb:DescribeTable",
        "dynamodb:ListTables",
        "dynamodb:Scan",
        "dynamodb:UpdateItem"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
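
The scoping described above, as an added example that is not part of the original page or of SnapLogic's own code: it lists every action the page's policy grants on "*" that could be limited to a table, and rebuilds the policy so that only ListTables keeps "*". The table ARN, the generated Sid values and the function names are assumptions made for illustration, and statements are assumed to use Action and Resource (not NotAction or NotResource).

```python
import json

# Policy document from the page: every action is allowed on Resource "*".
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Stmt1482439123852",
        "Action": ["dynamodb:BatchGetItem", "dynamodb:BatchWriteItem",
                   "dynamodb:DescribeTable", "dynamodb:ListTables",
                   "dynamodb:Scan", "dynamodb:UpdateItem"],
        "Effect": "Allow",
        "Resource": "*",
    }],
}
NEEDS_ALL_RESOURCES = {"dynamodb:ListTables"}  # per the page, must stay on "*"
# Constructed placeholder ARN (an assumption, not a value from the page).
EXAMPLE_TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"

def as_list(value):
    return value if isinstance(value, list) else [value]

def overbroad_actions(policy):
    """Allowed actions granted on "*" that could be limited to a table."""
    found = []
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Allow" and "*" in as_list(stmt["Resource"]):
            found += [a for a in as_list(stmt["Action"]) if a not in NEEDS_ALL_RESOURCES]
    return found

def scope_policy(policy, table_arns):
    """Keep "*" only for ListTables; move every other action onto table_arns."""
    statements = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt["Effect"] != "Allow" or "*" not in as_list(stmt["Resource"]):
            statements.append(dict(stmt))  # Deny or already scoped: keep as is
            continue
        base = {k: v for k, v in stmt.items() if k not in ("Sid", "Action", "Resource")}
        wide = [a for a in as_list(stmt["Action"]) if a in NEEDS_ALL_RESOURCES]
        narrow = [a for a in as_list(stmt["Action"]) if a not in NEEDS_ALL_RESOURCES]
        if wide:
            statements.append({**base, "Sid": f"ListAllTables{i}", "Action": wide, "Resource": "*"})
        if narrow:
            statements.append({**base, "Sid": f"TableAccess{i}", "Action": narrow, "Resource": list(table_arns)})
    return {"Version": policy["Version"], "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(scope_policy(PAGE_POLICY, [EXAMPLE_TABLE_ARN]), indent=2))
```

Running `overbroad_actions` on a policy before attaching it gives a quick review check: an empty list means only ListTables is still granted on all resources.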

Troubleshooting

Error: Failed to validate account: Failed to connect to service endpoint.
Reason: The connection to the host failed.
Resolution: Verify that the Cross-account IAM role is not attached to the EC2 instance. Refer to https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/2671280328/Configure+an+IAM+Role+in+a+DynamoDB+Account#Attach-IAM-Role-to-Instance for additional information.

Error: AWS Access Key ID and AWS Secret Key are mandatory for Client Credentials.
Reason: The AWS Access Key and AWS Secret might be invalid.
Resolution: Verify that a valid AWS Access Key ID and AWS Secret are provided.

Error: Failed to perform AssumeRole operation.
Reason: The following could be the reasons:
  • Insufficient permissions
  • Incorrect Role ARN
  • Account or role restrictions
Resolution:
  • Verify that the Snaplex is an EC2 plex and that the IAM role associated with the EC2 instance can assume the cross-account IAM role.
  • Ensure that the necessary permissions and trust relationships are correctly configured.
  • Ensure that the correct role ARN and valid credentials are being used.
