Reputation: 7413
"aws dynamodb list-tables" is not working on ec2 instance
I've created a node.js application which connects to DynamoDB. Everything is working fine locally Now I'm trying to setup on AWS servers.
- First I've created DynamoDB tables from AWS DynamoDB console. It is working fine.
- I've created a new role from IAM management console > Roles to access DynamoDB. And attached that role to EC2 instance. But when I fire any aws dynamodb cli command, it gave me error to mention the region.
- So I went to IAM management console > Users, and created an access key to my admin type user.
- Now I'm login to EC2 CLI using
ec2-userandaws configurewith previously generated access key.
AWS Access Key ID [None]: ACCESS KEY
AWS Secret Access Key [None]: SECRET
Default region name [None]: us-east-1
Default output format [None]: json
- But when I use following command
aws dynamodb list-tables. It gives no output, no error.
Upvotes: 2
Views: 1124
Answers (2)
Reputation: 7413
As I commented, The main issue was outbound rules for attached security group. Here are the necessary things to do
- Set a security group outbound rule to HTTPS
- Setup Credentials
- Create Access Key from IAM management console > Users.
- SSH to EC2 instance.
- Configure the credentials to EC2 instance using
aws configurecommand or directly modify~/.aws/credentialsfile.
- Attach Role
- Create Role from IAM management console > Roles. Select the role which is necessary to perform operation on AWS service. Eg
AmazonDynamoDBFullAccess - Open VPC console and select the EC2 instance.
- Attach the role from Actions menu
- Create Role from IAM management console > Roles. Select the role which is necessary to perform operation on AWS service. Eg
It is good, though optional, to create VPC endpoint. If you face UnauthorizedOperation error while creating endpoint, assign AmazonEC2FullAccess permission to the user from IAM console. Remove it later if you don't need it.
To use the AWS service from your application, find the relevant endpoint from this list.
Upvotes: 1
Reputation: 55760
It sounds like you are having problems connecting to DynamoDB because of the way you have configured your VPC.
There are some options but if you would prefer to keep your VPC isolated from the internet then you could enable VPC endpoints for DynamoDB. That way you can access DynamoDB from within your VPC without those connections going over the public internet.
There is a step-by-step guide for how to do that here: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/vpc-endpoints-dynamodb.html
Essentially, it involves the following steps:
- you have to get the VPC id for the VPC where your EC2 instance is located
- create a VPC endpoint for DynamoDB, specifying the VPC id and the regional dynamodb service name:
aws ec2 create-vpc-endpoint --service-name com.amazonaws.<region>.dynamodb --vpc-id <yourvpcid>
Upvotes: 0
Related Questions
- aws-sdk : DynamoDB : Fetch list of all tables
- "aws dynamodb list-tables" not showing the tables present
- DynamoDB Table Missing?
- DynamoDB: getting table description null
- unable to create DynamoDB table from aws CLI
- DynamoDB in local Docker Setup: Table not found
- dynamo db: RuntimeError: table schema not loaded
- Error when AWS Lambda trying to list DynamoDb tables
- Flask Dynamo connection issue(AttributeError: 'Dynamo' object has no attribute 'tables')
- dynamodb cannot get list of tables