Creating a DynamoDB Table using IAM Roles and EC2

Sharon Johnson
6 min read · Mar 2, 2023


Objectives:

Create a DynamoDB table for something of your choosing (e.g. movies, food, games)

  1. Add 10 or more items to the table
  2. Create a t2.micro EC2 instance and, following the principle of least privilege, grant the EC2 instance read access to DynamoDB.
  3. Use the AWS CLI in the EC2 instance to scan the DynamoDB table
  4. Use the AWS CLI in the EC2 instance to validate you cannot write an item to the DynamoDB table

Let's go over what these are:

An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS.

DynamoDB is a fully managed proprietary NoSQL database service that supports key–value and document data structures and is offered by Amazon.com as part of the Amazon Web Services portfolio.

An EC2 instance provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up front, so you can develop and deploy applications faster.

Step 1:

I’m going to create a DynamoDB table using brands of sunglasses (note that all of these steps will be carried out in the AWS Console). Let's search for DynamoDB.

Let's start creating the table by clicking on Create table.

As stated above, I’m using brands of sunglasses for my project, so under Table details I’m entering:

Table name: I’m going to make the table name “Sunglasses”

Partition Key: “Brand”

Sort key is optional, so I’m going to leave that blank

Next are the Table settings; I’m going to leave them set to Default settings

There is no need to add tags, so at this point you can click on Create table

As you can see, the Sunglasses table has been created and is active

Let's click on the table “Sunglasses” and choose Explore table items

Now I’m going to add the 10 brand names of sunglasses by clicking on Create item

Now that I have added my 10 brands of sunglasses, as you can see below, we will move on to step 2

Step 2:

Now we need to create a t2.micro EC2 instance, so let's search for EC2 in the console; from here you can launch a new EC2 instance

Here, name your instance; I will be naming mine DynamoDB Week 8. Now choose your preferred AMI; I will be using Amazon Linux.

Next I will be selecting the instance type, t2.micro (free tier eligible)

Under Key pair you can create a new one or use an existing one

Under Network settings, you can create a new security group or use an existing one; make sure that Allow SSH traffic from and Allow HTTP traffic from the internet are checked

Let's move down to Advanced details; from here we need to create a new IAM instance profile

Step 3:

This should have directed you to the Identity and Access Management (IAM) screen; from here we will need to click Create role

Under “Select trusted entity”, keep the trusted entity type set at AWS service and the use case set to EC2, and click on Next.

From here let's add the permissions: in the filter, search for “dynamo” and it will give you a few policies with dynamo in the name; select “AmazonDynamoDBReadOnlyAccess” and click Next

Now I’m going to Name, review, and create. I named mine DynamoBD_project; you can leave the description as is.

Now click on Create role

Now let's launch our EC2 instance, then navigate back to EC2 and find your project instance; click on your instance, then click Actions, Security, and Modify IAM role

From the dropdown, select the IAM role name you created, then click Update IAM role

Step 4:

I will be using the AWS CLI in the EC2 instance to scan the DynamoDB table, but first you will need to SSH in to connect

Once you are at the command line, let's scan our created DynamoDB table by typing in the following:

aws dynamodb scan --table-name Sunglasses --region us-east-1

This will list out what was created in your DynamoDB table.

Step 5:

I will use the AWS CLI in the EC2 instance to validate that you can’t write an item to the DynamoDB table (you should not be using your IAM access keys); this is how you can verify the role is working properly.

Run this command:

aws dynamodb put-item --table-name Sunglasses --region us-east-1 --item '{"Brand": {"S": "Shoes"}}'

If you see the AccessDeniedException error message, you have successfully completed this project.
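Putting steps 4 and 5 together as a repeatable check, here is a small script (an added example, not part of the original post; the script name check_role.sh, the result labels and the exit-code handling are my own) that scans the table and then classifies why the write failed, so that a missing instance profile or a wrong region is not mistaken for a working least-privilege role:

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes the AWS CLI is installed on
# the instance and that credentials come only from the attached instance profile
# (no access keys configured); table name and region are the ones used in the post.
TABLE="${TABLE:-Sunglasses}"
REGION="${REGION:-us-east-1}"

# classify_write_result EXIT_CODE STDERR_TEXT
# Pure function (no AWS calls) that interprets the outcome of a put-item attempt,
# so the role check can be reasoned about and tested without AWS access.
classify_write_result() {
  local rc="$1" err="$2"
  if [ "$rc" -eq 0 ]; then
    echo "write-allowed"        # role grants more than read: review its policies
  elif printf '%s' "$err" | grep -q 'AccessDeniedException'; then
    echo "denied-as-expected"   # least privilege holds for writes
  elif printf '%s' "$err" | grep -q 'Unable to locate credentials'; then
    echo "no-credentials"       # instance profile not attached, or IMDS unreachable
  else
    echo "other-error"          # e.g. ResourceNotFoundException: wrong table or region
  fi
}

# run_live_check: steps 4 and 5 of the post, with the write outcome classified.
run_live_check() {
  local count put_rc put_err
  # Step 4: the read must succeed. --select COUNT avoids dumping every item.
  count=$(aws dynamodb scan --table-name "$TABLE" --region "$REGION" \
            --select COUNT --query 'Count' --output text) || {
    echo "scan failed: the role does not grant read access"; return 1; }
  echo "scan ok: $count items readable"

  # Step 5: the write must be denied. Capture stderr, discard stdout.
  put_rc=0
  put_err=$(aws dynamodb put-item --table-name "$TABLE" --region "$REGION" \
              --item '{"Brand": {"S": "Shoes"}}' 2>&1 >/dev/null) || put_rc=$?
  classify_write_result "$put_rc" "$put_err"
}

# Only talk to AWS when explicitly asked: ./check_role.sh --live
if [ "${1:-}" = "--live" ]; then
  run_live_check
fi
```

Only the result "denied-as-expected" after a successful scan confirms the role behaves as intended; "no-credentials" means the instance profile is not in effect yet.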
