What's new in DynamoDB | S02E17 | Let's talk about Data Show

In this show, AWS DynamoDB experts discuss the new PrivateLink and resource-based policy features, which simplify connectivity and data access in DynamoDB.

Ibrahim Emara
Amazon Employee
Published May 3, 2024
In this new episode of the show we discussed the following:
The new DynamoDB features announced include resource-based policies and AWS PrivateLink support. Resource-based policies allow controlling access to DynamoDB tables at a granular level, including enabling cross-account access in a simplified manner compared to traditional IAM roles. This provides better visibility and control over who can access the data. PrivateLink support enables on-premises applications to access DynamoDB resources privately over AWS PrivateLink instead of going over the public internet or using custom infrastructure.
In the demos, resource-based policies were shown to allow cross-account access to a DynamoDB table from a Lambda function in another account. The PrivateLink demo illustrated how an on-premises application could not access the DynamoDB interface endpoint over the public internet but could access it privately after establishing a VPN connection to the VPC, where the interface endpoint resolved to a private IP. Key advantages of PrivateLink include simplifying network architecture, addressing compliance requirements, and improving security posture.
Some other points covered included the differences between PrivateLink endpoints and gateway endpoints, applying fine-grained access control through policies, limitations around cross-account access for DynamoDB streams, and the cost difference between gateway endpoints and PrivateLink endpoints. Overall, these new features enhance access control, networking flexibility and data residency capabilities for DynamoDB.
- Resource-based policies for cross-account access
- PrivateLink for private on-prem connectivity
- Fine-grained access control via policies
- Cost differential between PrivateLink and gateway endpoints
- Streams limitation on cross-account access
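The cross-account grant from the demo, sketched as an added example that is not code from the show or from AWS: it builds a table resource-based policy for a Lambda execution role in a second account, optionally narrowed by partition key, and audits a policy for over-broad grants. The account IDs, region, table and role names, and the audit heuristics are assumptions of this example.

```python
import json

# Constructed placeholders (assumptions): account IDs, region, table and role names.
OWNER_ACCOUNT = "111111111111"
TABLE_ARN = f"arn:aws:dynamodb:us-east-1:{OWNER_ACCOUNT}:table/Orders"
LAMBDA_ROLE_ARN = "arn:aws:iam::222222222222:role/orders-reader-lambda"


def build_table_policy(table_arn, principal_arn, partition_keys=None):
    """Resource-based policy letting one role in another account read the table."""
    stmt = {
        "Sid": "CrossAccountRead",
        "Effect": "Allow",
        "Principal": {"AWS": principal_arn},
        "Action": ["dynamodb:GetItem", "dynamodb:Query"],
        "Resource": table_arn,
    }
    if partition_keys:
        # Fine-grained access control: only items with these partition key values.
        stmt["Condition"] = {
            "ForAllValues:StringEquals": {"dynamodb:LeadingKeys": list(partition_keys)}
        }
    return {"Version": "2012-10-17", "Statement": [stmt]}


def audit_policy(policy, owner_account):
    """Flag Allow statements broader than one named role (heuristics of this example)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        for p in [aws] if isinstance(aws, str) else list(aws or []):
            if p == "*":
                findings.append((sid, "wildcard principal"))
            elif p.endswith(":root") or p.isdigit():
                findings.append((sid, "whole account trusted"))
            elif f"::{owner_account}:" not in p and "Condition" not in stmt:
                findings.append((sid, "cross-account grant without condition"))
        if any(a in ("*", "dynamodb:*") for a in actions):
            findings.append((sid, "wildcard action"))
    return findings


if __name__ == "__main__":
    policy = build_table_policy(TABLE_ARN, LAMBDA_ROLE_ARN, ["tenant-42"])
    print(json.dumps(policy, indent=2))  # JSON text for PutResourcePolicy's Policy parameter
    print(audit_policy(policy, OWNER_ACCOUNT))
```
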
Check out the recording here:

Hosts of the show 🎤

Ibrahim Emara, RDS Specialist Solutions Architect @ AWS


Lee Hannigan, Sr. Specialist Solutions Architect @ AWS
Aman Dhingra, Sr. DynamoDB Specialist Solutions Architect @ AWS

Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.