Reputation: 868
I am using DynamoDB for my application. I have some critical reference values and want to keep those in DynamoDB. I am not very sure about this, but can we have a policy or a way to restrict access to that DynamoDB table from any VPC?
Thanks, Kiran
Upvotes: 1
Views: 1789
Reputation: 181
You can create a VPC endpoint on your DynamoDB and configure appropriate ACLs for a table.
Further reading for you:
Best Practice: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/best-practices-security-preventative.html
VPC Endpoints: https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html
Ashan is correct that you cannot have multiple DynamoDB instances per region.
Upvotes: 0
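The VPC endpoint approach from the answer above, as an added example that is not part of the original thread: an IAM identity policy for the application's role that allows reads on one table and denies every DynamoDB action on it unless the request arrives through one specific gateway endpoint. `REGION`, `ACCOUNT_ID`, `TABLE_NAME` and `vpce-EXAMPLE` are placeholders, and the choice of read actions is an assumption.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowReferenceTableReads",
      "Effect": "Allow",
      "Action": [
        "dynamodb:GetItem",
        "dynamodb:BatchGetItem",
        "dynamodb:Query"
      ],
      "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TABLE_NAME"
    },
    {
      "Sid": "DenyUnlessViaVpcEndpoint",
      "Effect": "Deny",
      "Action": "dynamodb:*",
      "Resource": "arn:aws:dynamodb:REGION:ACCOUNT_ID:table/TABLE_NAME",
      "Condition": {
        "StringNotEquals": {
          "aws:SourceVpce": "vpce-EXAMPLE"
        }
      }
    }
  ]
}
```

Because the Deny is explicit, it overrides any other Allow on the same principal, so console and CLI access to the table from outside the VPC is blocked as well for every identity the policy is attached to.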
Reputation: 19705
Limiting access from a VPC is not possible, since DynamoDB operates as a regional managed service outside your VPC.
However, there are several other ways to implement access control to DynamoDB:
1) Using IAM user access keys and policies
2) Using federated access control using Cognito/User Pools or Amazon STS
Note: If you need more granularity of access, you can use DynamoDB fine-grained access control mechanisms. If your data are highly sensitive, try considering Amazon KMS.
Upvotes: 3