Home > Enterprise >  Dynamo DB credential management
Dynamo DB credential management

Time:11-03

I am planning to use DynamoDB for the first time for my project. I initially made connection to DynamoDB from my Java application using the IAM User secret keys. But, then decided to add permissions to the IAM Role of my server, where the application runs.

Am doing it right? What's the best practice for this?

And if IAM Role is the right way to go, how do I handle applications connecting from my AWS Workspace ( my dev environment ), can I add IAM Role for that too?

CodePudding user response:

IAM Role is the correct way to go. You create a role following the least permissions privilege. This means that you assign to the role only the absolutely necessary permissions. In your case the role should only have access to specific DynamoDB Tables and Indexes.

In EC2, lambda functions and in general in AWS environment you assign this role. The service you are using, will assume this role and be able to access DynamoDB. No need to create access keys.

For your local DEV environment (outside of AWS), you should create a user, assign the role you've created and create a Key Id and a Secret. This way your local environment will only have access to the needed resources.

If you also need your personal AWS credentials in a local machine, you can use profiles to manage them.

CodePudding user response:

Handling creds when using the AWS SDK for Java is explained in the AWS Java Developer Guide in these topics:

Get started with the SDK for Java

Using credentials

This guide explains best practices.

  • Related