How to set up Amazon DynamoDB

πŸ€“ Who can do this? You will probably need your Amazon DynamoDB administrator to run these commands β€” you may not have access yourself.

Atlan currently only supports IAM user authentication for Amazon DynamoDB. This method uses AWS access key, secret key, and region to fetch metadata.

Create IAM policy

To create an IAM policy with the necessary permissions, follow the steps in the AWS Identity and Access Management User Guide.

Create the policy using the following JSON:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "dynamodb:ListTables"
            ],
            "Resource": "*"
        },
				{
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeTable"
            ],
            "Resource": "arn:aws:dynamodb:<region>:<account_id>:table/*"
        }
    ]
}
  • Replace <region> with the AWS region of your Amazon DynamoDB instance.
  • Replace <account_id> with your AWS account ID.

IAM permissions

Atlan requires the following permissions:

  • dynamodb:ListTables:
    • Fetches a list of your Amazon DynamoDB tables. This permission is used during the metadata extraction process to dynamically determine a list of tables.
    • Note that this action does not support resource-level permissions and requires you to choose all resources, hence * for Resource.
  • dynamodb:DescribeTable:
    • Fetches metadata for extracted tables. This action supports resource-level permissions, so for Resource, you can either: 
      • Grant permission to all tables in the region for which you want to extract metadata: arn:aws:dynamodb:<region>:<account_id>:table/*
      • Specify the table names for which you want to extract metadata: arn:aws:dynamodb:<region>:<account_id>:table/table_name_1, arn:aws:dynamodb:<region>:<account_id>:table/table_name_2

Configure user-based authentication

Using the IAM policy created above, configure user-based authentication.

To configure IAM user-based authentication:

  1. Create an AWS IAM user by following the steps in the AWS Identity and Access Management User Guide.
  2. On the Set permissions page, attach the policy created in the previous step to this user.
  3. Refer to managing access keys for IAM users to create an access key for the new user.
  4. Once the user is created, view or download the user's access key ID and secret access key.
🚨 Careful! This will be your only opportunity to view or download the access keys. You will not have access to them again after leaving the user creation screen.

Related articles

Was this article helpful?
0 out of 0 found this helpful