Adding a DynamoDB Connection
Prerequisites
- A user with sufficient permissions is required to establish a connection with DynamoDB.
- Zeenea traffic flows towards the data source must be open.
A link to the configuration template is available from this page: Zeenea Connector Downloads.
Supported Versions
The DynamoDB connector was developed and tested with the web version of the product.
Installing the Plugin
The AWS plugin can be downloaded here: Zeenea Connector Downloads.
For more information on how to install a plugin, please refer to the following article: Installing and Configuring Connectors as a Plugin.
Declaring the Connection
Creating and configuring connectors is done through a dedicated configuration file located in the /connections folder of the relevant scanner.
Read more: Managing Connections
In order to establish a connection with a DynamoDB instance, specifying the following parameters in the dedicated file is required:
| Parameter | Expected value |
|---|---|
name | The name that will be displayed to catalog users for this connection. |
code | The unique identifier of the connection on the Zeenea platform. Once registered on the platform, this code must not be modified or the connection will be considered as new and the old one removed from the scanner. |
connector_id | The type of connector to be used for the connection. Here, the value must be aws-dynamodb and this value must not be modified. |
| Optional, can be determined from the EC2 configuration | |
connection.aws.url | Database DynamoDB address |
connection.aws.profile | AWS profile |
connection.aws.access_key_id | AWS key identifier |
connection.aws.secret_access_key | AWS secret access key |
connection.aws.region | AWS region |
connection.fetch_page_size | (Advanced) define the size of batch of items loaded by each request in inventory |
| Sampling | |
schema_analysis.enable | Enable data sample in order to complete dataset fields. Default value is false. |
schema_analysis.sample_size | Number of items retrieve for data sample. Default value is 1000. |
| Certificate & Proxy | |
tls.truststore.path | The Trust Store file path. This file must be provided in case TLS encryption is activated (protocol https) and when certificates of servers are delivered by a specific authority. It must contain the certification chain. |
tls.truststore.password | Password of the trust store file |
tls.truststore.type | Type of the trust store file. (PKCS12 or JKS). Default value is discovered from the file extension. |
proxy.scheme | Depending on the proxy, http or https |
proxy.hostname | Proxy address |
proxy.port | Proxy port |
proxy.username | Proxy username |
proxy.password | Proxy account password |
User Permissions
In order to collect metadata, the running user's permissions must allow them to access and read databases that need cataloging.
Here, the user must have the followings access rights:
dynamodb:ListTablesdynamodb:DescribeTable
If you want to determine the table's value pattern by means of sampling, the following additional access right is required:
dynamodb:PartiQLSelect
Data Extraction
To extract information, the connector runs requests on the API:
listTablesdescribeTableexecuteStatement(Statement='select * from [table_name]', Limit=[sample_size])(only with the sampling feature)
Collected Metadata
Inventory
Will collect the list of tables accessible by the user.
Dataset
A dataset is a DynamoDB table.
- Name
- Source Description
- Technical Data:
- AWS Region
- Creation Date
- Items Count
- Table Size
Field
Dataset field.
- Name
- Source Description
- Type
- Can be null: Depending on the field settings
- Multivalued: Not supported. Default value
false. - Primary Key: Depending on the "Primary Key" field attribute
- Technical Data:
- Technical Name
- Native type: Field native type
- Field Kind
Unique Identification Keys
A key is associated with each item of the catalog. When the object comes from an external system, the key is built and provided by the connector.
Read more: Identification Keys
| Object | Identifier Key | Description |
|---|---|---|
| Dataset | code/region/dataset name |
|
| Field | code/region/dataset name/field name |
|