-3

The way that most databases typically work is through a consistent connection (mysql/postgres) etc, through a connection string to hit a server.

I am working with Lambda/DynamoDB and to my understanding, Dynamo is serverless, there is no consistent connection, it's just http calls. I can't see anywhere where I point the lambda at the dynamo table (other than in the IAM policy, giving it access to said table). Does it infer it from the IAM policy, or do I need to point this elsewhere?

Sheen
  • 586
  • 10
  • 22
  • 1
    You need to specify the name of the table, you are in a region within an account, that uniquely identifies the table, not related to IAM. – luk2302 Dec 19 '22 at 12:52
  • Did you write any code? Did you look at the basic language-specific SDK for that programming language? – jarmod Dec 19 '22 at 14:55

3 Answers3

0

DynamoDB Table name is provided as an input when you make a request. That's how Lambda knows which DynamoDB to connect to.

Most people use the AWS SDK to connect to the DynamoDB. Table name is an input in the client.

If you want to connect making HTTP calls, you'd be using the Low-level API. You still provide the Table name in the request. You can see the documentation here for that.

Brian
  • 1,056
  • 9
  • 15
  • When you say table name - does it know to look in the same aws account as the lambda? Or does the table name specify the account also? – Sheen Dec 19 '22 at 13:42
  • The table name does not specify the account. The account comes from the credentials you use. Usually the credentials and the table are in the same account. If your table is in a different account, you need to create a new role and assume that role. You can check this answer to do that: https://stackoverflow.com/questions/54692338/accessing-two-tables-from-different-accounts-within-the-same-lambda-function – Brian Dec 19 '22 at 14:17
  • @Sheen you really should work through a few AWS tutorials first and play around with your own account, these are VERY basic questions. – luk2302 Dec 19 '22 at 15:18
  • @luk2302 I agree, it's a basic question, but the specifics of this aren't spelled out in the docs, it seems to just infer 'it will work', rather than specifically pointing out it will use one in the account that the aws credentials are enabled for – Sheen Dec 19 '22 at 16:57
  • To add to this - is it possible to use a dynamo db in a seperate account to the one the lambda is in? – Sheen Dec 19 '22 at 17:27
  • @Sheen cross account accesses are generally possible via RAM, resource policies or assuming roles in the target account. Dynamo does not support there first two. Googling for "aws lambda DynamoDB cross account" will yield plenty results... – luk2302 Dec 19 '22 at 17:59
-1

You would typically pass the table name to the Lambda as an Environment Variable*. The table name is used in the DynamoDB SDK client to perform operations on the table.

* You could also retrieve the table name value at runtime from the Systems Manager Parameter Store. But because table name is a fixed value, the environment variable approach is better.

fedonev
  • 20,327
  • 2
  • 25
  • 34
-1

You're partly correct in that it infers the account number and permissions needed from the IAM policy attached to your Lambdas ExecutionRole.

And you're also correct that DynamoDB is a http/https based connection, which uses short lived connections rather that the long lived ones that you may be more familiar with.

Ultimately it comes down to how you configure your DynamoDB Client. It's through the parameters you pass to your SDKs client that Lambda knows how to connect to that table. 2 important parameters here are the region_name and table_name:

session = boto3.session.Session(region_name="eu-west-1")
client = session.client('dynamodb')

response = client.scan(
            TableName=table_name
            )

Above you can see an example of a Scan in python, where you see the region being set and also the table name being passed as a parameter to the Scan function.

Most people tend to store their table names as Lambda Environment Variables which allow you to set the tables name at creation time through infrastructure as code for example.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GettingStartedDynamoDB.html

Leeroy Hannigan
  • 11,409
  • 3
  • 14
  • 31