I want to use AWS Lambda to access a DynamoDB table. Is it possible to enforce internet access to DynamoDB to be only through my Lambda?
2 Answers
1
Amazon just announced VPC endpoints for DynamoDB.
It includes a statement:
you can use IAM policies to allow DynamoDB access through VPC endpoints only from your corporate network, and only from specific applications
However, at the moment it's still a preview. So if your region is listed you can try it out, otherwise you will have to wait.

Udo Held
You can use VPC endpoints to avoid sending traffic from your apps over the big scary internet to DynamoDB. However, that will not disable the DynamoDB exposed endpoints. DynamoDB is a SaaS; each specific table or customer does not have their own endpoints. – Glenn Bech Aug 07 '20 at 08:10
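An added example (not from the answer or from AWS) of the IAM approach the first answer quotes: a policy for the Lambda execution role that denies DynamoDB calls on the table unless they arrive through a given VPC endpoint, plus a simplified evaluator that shows the effect. The table ARN, account ID, endpoint ID and the `decide` helper are placeholders and assumptions; `decide` models only exact resource matches and `StringNotEquals`, not full IAM evaluation.

```python
import json

# Placeholders (assumptions, not from the page): account, region, table, endpoint ID.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/ExampleTable"
VPCE_ID = "vpce-0123456789abcdef0"

def build_role_policy(table_arn, vpce_id):
    """Identity policy to attach to the Lambda execution role."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Least-privilege allow for the function's data access.
                "Sid": "AllowTableAccess",
                "Effect": "Allow",
                "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:Query"],
                "Resource": table_arn,
            },
            {   # Explicit deny for any call that did not arrive via the endpoint.
                "Sid": "DenyOutsideVpcEndpoint",
                "Effect": "Deny",
                "Action": "dynamodb:*",
                "Resource": table_arn,
                "Condition": {"StringNotEquals": {"aws:SourceVpce": vpce_id}},
            },
        ],
    }

def decide(policy, action, resource, context):
    """Simplified model of IAM evaluation: explicit Deny wins, default is deny."""
    allowed = False
    for st in policy["Statement"]:
        actions = [st["Action"]] if isinstance(st["Action"], str) else st["Action"]
        if st["Resource"] != resource:
            continue
        if not any(a == action or (a.endswith("*") and action.startswith(a[:-1])) for a in actions):
            continue
        cond = st.get("Condition", {}).get("StringNotEquals", {})
        # A negated operator also matches when the key is absent from the request.
        if any(context.get(k) == v for k, v in cond.items()):
            continue
        if st["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else "Deny"

if __name__ == "__main__":
    print(json.dumps(build_role_policy(TABLE_ARN, VPCE_ID), indent=2))
```

The policy constrains only the principal it is attached to. Because the public DynamoDB endpoint stays reachable, every other identity with DynamoDB permissions on the table needs the same Deny statement.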
-1
My answer here will explain in detail how to configure your VPC to allow a lambda (or any resource) in the VPC to be able to access the internet.
It's best to keep your lambda out of the VPC if possible.
Or follow the second answer and use VPC endpoints for DynamoDB.