Reputation: 22356
Tried to find a way to put DynamoDB in a VPC but could not find one so far.
For Lambda, it can be inside a VPC with an ENI having an IP from a VPC subnet, and then the Lambda does not have any internet connectivity without NAT.
Please confirm: DynamoDB has no such feature and it is always internet-facing, although we can route the traffic not to go to the Internet via a DynamoDB VPC endpoint.
Upvotes: 2
Views: 4727
Reputation: 5954
DynamoDB Preventative Security Best Practices -
TLDR, main points -
1. Use IAM policy conditions for fine-grained access control
2. Use a VPC endpoint and policies to access DynamoDB
3. Encryption at rest
4. Use IAM roles
Upvotes: 1
Reputation: 644
You are right, DynamoDB is always internet-facing. Does it bother you? Access to DynamoDB is denied without IAM authentication.
Upvotes: 1
Reputation: 8885
That is correct. You can use IAM policies with conditions to limit access to within a VPC, however. Restricting Access to a Specific VPC
Upvotes: 4
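The IAM-condition approach mentioned in the answers, as an added example that is not code from any of the posts: a policy that only allows table access next to one that also denies every DynamoDB call not arriving through a given VPC endpoint, plus a small heuristic check that tells them apart. The table ARN, account ID, endpoint ID and the `vpc_restricted` helper are constructed for illustration; the check looks only at `Action` and `Condition` and does not evaluate `Resource` or `NotAction`.

```python
# Constructed placeholders (assumptions): table ARN and VPC endpoint ID.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"
VPCE_ID = "vpce-0123456789abcdef0"

ALLOW = {"Effect": "Allow",
         "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
         "Resource": TABLE_ARN}

# Weak: any network path works as long as the caller holds valid credentials.
WEAK_POLICY = {"Version": "2012-10-17", "Statement": [ALLOW]}

# Hardened: explicit Deny for every DynamoDB call not arriving via the endpoint.
HARDENED_POLICY = {"Version": "2012-10-17", "Statement": [ALLOW, {
    "Effect": "Deny", "Action": "dynamodb:*", "Resource": "*",
    "Condition": {"StringNotEquals": {"aws:SourceVpce": VPCE_ID}}}]}

# Global condition keys that tie a request to a VPC or a VPC endpoint.
VPC_KEYS = {"aws:sourcevpce", "aws:sourcevpc"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _keys(stmt, operator):
    # Condition key names are case-insensitive, so compare in lower case.
    return {k.lower() for k in stmt.get("Condition", {}).get(operator, {})}


def vpc_restricted(policy):
    """Heuristic: is the DynamoDB access in this policy pinned to a VPC/endpoint?"""
    stmts = [(s, [a.lower() for a in _as_list(s.get("Action", []))])
             for s in _as_list(policy["Statement"])]
    for s, actions in stmts:
        deny_keys = _keys(s, "StringNotEquals")
        # The Deny must cover all DynamoDB actions and carry no other condition:
        # extra keys are ANDed in and would narrow when the Deny applies.
        if (s["Effect"] == "Deny" and set(actions) & {"*", "dynamodb:*"}
                and list(s.get("Condition", {})) == ["StringNotEquals"]
                and deny_keys and deny_keys <= VPC_KEYS):
            return True
    # Otherwise every Allow that grants DynamoDB actions must itself be pinned.
    allows = [s for s, actions in stmts if s["Effect"] == "Allow"
              and any(a == "*" or a.startswith("dynamodb:") for a in actions)]
    return bool(allows) and all(_keys(s, "StringEquals") & VPC_KEYS for s in allows)


if __name__ == "__main__":
    print("weak:", vpc_restricted(WEAK_POLICY))
    print("hardened:", vpc_restricted(HARDENED_POLICY))
```

An explicit Deny wins over any Allow in other attached policies, so with the hardened form every request that does not come through the endpoint is refused, console access included.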