Skip to main content

Amazon DynamoDB

Amazon DynamoDB by Amazon Web Services (AWS) is a NoSQL database service. You can bring the data stored in your DynamoDB tables into Brinqa to gain an overview of your threat landscape and strengthen your cybersecurity posture.

This document details the information you must provide for the connector to authenticate with Amazon DynamoDB and how to obtain that information from Amazon. See create a data integration for step-by-step instructions on setting up the integration.

Required connection settings

When setting up a data integration, select Amazon DynamoDB from the Connector drop-down. If you cannot find the connector in the drop-down, make sure that you have installed it first. You must provide the following information to authenticate Amazon DynamoDB with Brinqa:

  • Access key ID and Secret access key: The access keys associated with the Amazon DynamoDB account, which must have permissions to log in to the API server and return data. For additional information, see Create an IAM user for Amazon DynamoDB access.

  • Default region: The AWS region for the Amazon DynamoDB connector. If not specified, the connector uses the AWS default region provider chain to automatically determine the most appropriate region. This ensures that the connector adheres to the recommended AWS practices for region selection. For additional information on AWS regions, refer to the AWS documentation.

Create an IAM user for Amazon DynamoDB access

For the Amazon DynamoDB connector to interact with the Amazon DynamoDB API, you must provide specific AWS credentials and permissions. To do so, follow these steps:

  1. Log in to your organization's AWS Management Console as an administrator.

  2. Navigate to the Identity and Access Management (IAM) dashboard.

  3. From the navigation pane under Access management, click Users, and then click Create user.

  4. Provide a User name, leave the Provide user access to AWS Management Console option unchecked, and then click Next.

  5. Click the Attach policies directly option, search for and select the AmazonDynamoReadOnlyAccess permission.

    Amazon DynamoDB Read Only Access

  6. Click Next and then click Create user.

    The Users page displays and the new IAM user is available in the Users table.

note

If you do not have permissions to create a new IAM user, contact your AWS administrator. For additional information, see AWS documentation.

Obtain Amazon DynamoDB access keys

After you have created an IAM user, you can generate the access keys that are required for the Amazon DynamoDB connector to access the AWS SDK. To generate the access keys required for the integration, follow these steps:

  1. Log in to your organization's AWS Management Console as an administrator.

  2. Navigate to the IAM dashboard.

  3. From the navigation pane under Access management, click Users.

  4. Choose the IAM user you created in the earlier steps.

  5. Click the Security credentials tab and then click Create access key.

  6. Select the Application running outside AWS use case and then click Next.

  7. Provide a description and then click Create access key.

    Amazon access keys

    Your new access keys display. You cannot view the keys again after this. Copy and save them to a safe and secure location.

    note

    If you do not have permissions to create access keys, contact your AWS administrator. For additional information, see AWS documentation.

Additional settings

The Amazon DynamoDB connector contains additional options for specific configuration:

  • Table names: A comma-separated list of table names from your Amazon DynamoDB environment to retrieve and import into Brinqa. If you do not specify any table names, the Amazon DynamoDB connector retrieves all available tables. For additional information on DynamoDB tables, refer to the Amazon DynamoDB documentation.

    note

    Tables in Amazon DynamoDB serve as containers for items. Each table has a unique name within your AWS account and region. You can use the DynamoDB client's listTables method to retrieve a list of all table names in a specific region.

  • Filter expression: You can use this option to specify conditions that limit the items returned during a table scan in DynamoDB. While the scan still examines every item in the table, the filter expression is applied to each item to determine if it should be included in the results based on specified attribute values. This can help refine the data retrieved without reducing the number of items scanned. For additional information, refer to the Amazon DynamoDB documentation.

  • Page limit The maximum number of records to get per API request. The default setting is 100. It is not recommended to go over 100.

  • Parallel requests: The maximum number of parallel API requests. The default setting is 4.

APIs

The Amazon DynamoDB connector uses the AWS SDK v2.25.6.

Changelog

The Amazon DynamoDB connector has undergone the following changes:

3.0.9

  • No change.

3.0.8

  • No change.

3.0.7

  • No change.

3.0.6

  • No change.

3.0.5