DynamoDB, EC2 and IAM


DynamoDB is a hosted NoSQL database service that offers reliable performance even as it scales. It allows users the benefit of auto-scaling, in-memory caching, backup and restore options for all their internet-scale applications. Per our project, we will be creating a DynamoDB table with items, creating an EC2 instance and granting it read-access to the table, scanning the table through the AWS CLI, and validating that we can't write an item to the table through the CLI. Let's get started!

Project Requirements:

  1. Create a DynamoDB table
  2. Add 10+ items to the table
  3. Create a t2.micro EC2 instance
  4. Using an IAM role and the principle of least privilege, grant the EC2 instance read-access to DynamoDB
  5. Use the AWS CLI in the EC2 instance to scan the DynamoDB table
  6. Use the AWS CLI in the EC2 instance to validate you cannot write an item to the DynamoDB table

Prerequisites:

AWS Account

AWS CLI

For starters let's type DynamoDB into our search bar in the AWS Management Console and click on the service. Click on Create Table, and afterwards, follow the steps below:

Step 1: Fill in your information. A partition key is a simple primary key that holds a unique attribute, something that the other partitions within the table do not have. A sort key is a key that can gather related information together in one place where it can be queried efficiently. A composite key is a combination of a partition and sort key, and we will be using both in this project.
For this project, we will leave the settings how they are and create our table.

After your table is done creating itself, click on it and click on Explore Items > Create Item:

I clicked on Add New Attribute to add another String attribute for more efficient querying. I named the String attribute "Height". Afterwards click Create Item.
As you can see, the item was created. Per our project, we must create ten or more items. Click Create Item and continue

Now that our table has been created, let's head over and create our EC2 instance.

I decided first to create a separate VPC for this project. Check out my article here on how I did that. Next, I went ahead and created my instance:

Named the instance and chose the Amazon Linux Machine Image
Select our t2.micro type and create a key pair just for good measure
Choose the VPC and subnet that we created before. Our subnet will be in the Availability Zone us-east-1a
Create a security group and have SSH set up to allow all traffic just for this project
In the Advanced Details section, click on Create new IAM profile. This will take us to a tab where we will create a new role for our EC2 instance to have read-only access to our DynamoDB table
Click on Create Role
Keep the Trusted Entity Type as AWS Service, and select EC2 as your use case. Click next
Select the DynamoDB read-only access permission for your EC2 instance. Click next
Our role details look good, now let's click Create Role, at the bottom
After the role is created, let's go back to the previous tab and select the "Read-Only-DB" role that we created for our IAM profile. After that, launch the instance
Now that our instance is done initializing, click on Connect at the top of the page
For this project, we'll be using EC2 Instance Connect which allows us to use the AWS CLI inside the Management Console. Click Connect. This should open up the CLI in another browser tab
AWS CLI inside the AWS Management Console

We will now input the following command into our console to scan the table:

aws dynamodb scan --table-name sroscoe-DB --region us-east-1

The command was able to scan all 10 items

Now to test that we only have the read-only access permission for DynamoDB, let's input the following command:

aws dynamodb put-item --table-name sroscoe-DB --region us-east-1 --item '{"Universe": {"S": "DC"}, "Villain Name": {"S": "Slade"}}'

The AccessDeniedException output shows we only have read-only permissions
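
Requirement 4's least-privilege goal taken one step further, as an added example that is not part of the original article: a policy that allows only dynamodb:Scan on the one table, with a simplified evaluator showing how it differs from a read-only policy that covers every table. The account ID 111122223333 and the table other-table are placeholders, and BROAD_POLICY is constructed for contrast, not the text of an AWS managed policy.

```python
import re

# Table name and region are from the page; the account ID is a placeholder.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/sroscoe-DB"
OTHER_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/other-table"  # constructed

# Table-scoped policy: only the one read call the project uses, on one table.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "ScanOneTable", "Effect": "Allow",
                   "Action": "dynamodb:Scan", "Resource": TABLE_ARN}],
}

# Constructed contrast: read-only, but on every table in the account.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Sid": "ReadAllTables", "Effect": "Allow",
                   "Action": ["dynamodb:Get*", "dynamodb:Query", "dynamodb:Scan"],
                   "Resource": "*"}],
}

def _matches(patterns, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' is one."""
    patterns = patterns if isinstance(patterns, list) else [patterns]
    flags = re.IGNORECASE if ignore_case else 0
    for pattern in patterns:
        regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value, flags):
            return True
    return False

def is_allowed(policy, action, resource):
    """Simplified identity-policy check: explicit Deny wins, else a matching Allow
    is required, else implicit deny. Ignores Condition, NotAction and SCPs."""
    allowed = False
    for stmt in policy["Statement"]:
        if (_matches(stmt["Action"], action, ignore_case=True)
                and _matches(stmt["Resource"], resource)):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

if __name__ == "__main__":
    calls = [("dynamodb:Scan", TABLE_ARN), ("dynamodb:PutItem", TABLE_ARN),
             ("dynamodb:Scan", OTHER_ARN)]
    for name, policy in (("scoped", SCOPED_POLICY), ("broad", BROAD_POLICY)):
        for action, arn in calls:
            verdict = "allow" if is_allowed(policy, action, arn) else "deny"
            print(f"{name:6} {action:17} {arn.split('/')[-1]:12} {verdict}")
```

Both policies deny the put-item call, but only the scoped one also denies a scan of a second table in the same account.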

Had fun with this project, and this concludes month two of AWS. All feedback is welcome, and thank you for stopping by!


DynamoDB, EC2 and IAM was originally published in Towards AWS on Medium, where people are continuing the conversation by highlighting and responding to this story.
