Morgan Clark
Apr 4, 2022

How to use the AWS CLI to scan and write to a DynamoDB table

Project tasks:
IAM Roles with EC2
Create a DynamoDB table for something of your choosing (e.g. movies, food, games)
Add 10 or more items to the table
Create a t2.micro EC2 instance
Using an IAM role and the principle of least privilege, grant the EC2 instance read access to DynamoDB.
Use the AWS CLI in the EC2 instance to scan the DynamoDB table
Use the AWS CLI in the EC2 instance to validate you cannot write an item to the DynamoDB table. You should receive an AccessDeniedException error
This should be done without using Access keys (aws configure)

Extra-credit: Do everything using the CLI. (Please only do this if you fully understand how to create the resources in the console)

1. Create a new role in IAM with EC2 access to call AWS services

2. Create a DynamoDB table
a. Search for and access DynamoDB
b. Enter your DB table's name: MyGrands
c. Enter the partition key and the sort key (the sort key is optional)
d. Select the data type for each key: String, Binary or Number

Continuing with the configurations for the DB table:
e. I selected the following for Settings and Table Class:

f. Read/Write capacity settings: {Selections that I made for this project}

g. Estimated cost based on the above Read/Write Capacity settings:

h. Click the Create Table button

i. Select the newly created table

j. Click the Actions drop-down arrow and select Create item

k. Enter the value (name)

l. If there are additional attributes to be entered, click the button labeled Add new attribute and continue

m. Upon completion of entering the various items, click the Create Item button and proceed to the next entry for the database table.

3. Creating an EC2 Instance:

a. Search for and select EC2 in the AWS management console

b. Click Launch instance

c. Select the desired AMI (Amazon Machine Image). I utilized: Amazon Linux 2 AMI (HVM) - Kernel 5.10, SSD Volume Type - ami-0c02fb55956c7d316 (64-bit x86) / ami-03190fe20ef6b1419 (64-bit Arm)

d. Based on this project’s requirements, I selected the t2.micro instance type.

e. Selecting all the defaults, I completed the process by selecting the Launch option.

f. Select the option to proceed without a key pair. You will then only be able to connect to the instance via EC2 Instance Connect, which is only supported by Amazon Linux 2 or Ubuntu.

4. Grant the new EC2 instance access to the DynamoDB database:

a. Access the instance created in step 3

b. Click Actions, then select Security, and click Modify IAM Role

c. Select the IAM Role that was created earlier in step 1

d. Click the save button

e. Because I selected the option not to create a key pair, I used the Instance Connect option for the EC2 instance.

f. Click the connect button on the lower right portion of the screen

g. You have successfully connected if you see the below screen:

5. Use the AWS CLI to scan the DynamoDB table by entering this command:
aws dynamodb scan --table-name MyGrands --region us-east-1

Sample of the scan:

{
    "Count": 13,
    "Items": [
        {
            "months or years": {
                "S": "Years"
            },
            "age": {
                "N": "13"
            },
            "name": {
                "S": "Nadiya"
            },
            "gender": {
                "S": "Female"
            }
        },

6. Attempt to add a new item to the DynamoDB table named MyGrands:

aws dynamodb put-item --table-name MyGrands --item '{"name": {"S": "Newest GrandChild"}, "age": {"N": "2"}, "months or years": {"S": "Months"}, "gender": {"S": "Female"} }' --return-consumed-capacity TOTAL --region us-east-1

Error explaining that the EC2 instance and assumed-role projweek8user did not have the authorization to update or add new items to the DynamoDB table named MyGrands.

If you receive the above error message, then you have successfully completed the task for this particular project.
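
For the extra-credit CLI route, here is one way to script steps 1 and 4 and the checks from steps 5 and 6. This is an added example, not code from the original post. The role name is the one the error text above mentions; the inline policy name, the exact list of read actions and the instance id argument are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. ROLE is the role name the post's
# error text mentions; the policy name and the instance id are assumptions.
TABLE="MyGrands"; REGION="us-east-1"; ROLE="projweek8user"

trust_policy() {   # only the EC2 service may assume the role
  cat <<'EOF'
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Principal": {"Service": "ec2.amazonaws.com"},
                "Action": "sts:AssumeRole"}]}
EOF
}

read_policy() {    # $1 = account id; read-only actions on this one table
  cat <<EOF
{"Version": "2012-10-17",
 "Statement": [{"Effect": "Allow",
                "Action": ["dynamodb:Scan", "dynamodb:Query", "dynamodb:GetItem"],
                "Resource": "arn:aws:dynamodb:${REGION}:$1:table/${TABLE}"}]}
EOF
}

provision() {      # $1 = instance id; run with admin credentials, not on the instance
  acct=$(aws sts get-caller-identity --query Account --output text) || return 1
  aws iam create-role --role-name "$ROLE" \
      --assume-role-policy-document "$(trust_policy)" &&
  aws iam put-role-policy --role-name "$ROLE" --policy-name "${TABLE}-read" \
      --policy-document "$(read_policy "$acct")" &&
  aws iam create-instance-profile --instance-profile-name "$ROLE" &&
  aws iam add-role-to-instance-profile --instance-profile-name "$ROLE" \
      --role-name "$ROLE" &&
  aws ec2 associate-iam-instance-profile --region "$REGION" \
      --instance-id "$1" --iam-instance-profile "Name=$ROLE"
}

verify_on_instance() {   # run on the instance: 0 = reads work and writes are denied
  aws dynamodb scan --table-name "$TABLE" --region "$REGION" \
      --max-items 1 >/dev/null || return 1          # read was refused
  err=$(aws dynamodb put-item --table-name "$TABLE" --region "$REGION" \
      --item '{"name": {"S": "policy-probe"}}' 2>&1) && return 2  # write accepted
  case "$err" in
    *AccessDeniedException*) return 0 ;;            # expected denial
    *) return 3 ;;                                  # some other failure
  esac
}
```

Scoping `Resource` to the single table ARN means the instance cannot read any other table in the account. A newly created instance profile can take a few seconds to become visible to EC2, so the final `associate-iam-instance-profile` call may need a retry.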

Blessings
Morgan Clark

Sr. Telecom Engineer, pursuing new skills and career opportunities in DevOps.