Skip to main content

Privacera Documentation

Connect DynamoDB to PrivaceraCloud

This topic describes how to connect DynamoDB application to PrivaceraCloud.

Connecting to an AWS hosted data source requires authentication or a Trust relation with those resources. You will provide this information as one step in the AWS Data resource connection. You will also need to specify your AWS Account Region.

Prerequisites in AWS console

The following prerequisites must be met:

  1. Create or use an existing IAM role in your environment. The role should be given access permissions by attaching an access policy in the AWS Console.

  2. Configure a Trust relationship with PrivaceraCloud See AWS Access with IAM role on PrivaceraCloud for specific instructions and requirements for configuring this IAM Role.

Connect DynamoDB application to PrivaceraCloud

  1. Go to Settings > Applications.

  2. On the Applications screen, select DynamoDB.

  3. Enter the application Name and Description, and then click Save.

    You can see Privacera Access Management with the toggle buttons.

Enable Privacera Access Management for DynamoDB

  1. Click the toggle button to enable Privacera Access Management for your application.

  2. On the BASIC tab, enter values in the following fields:

    • With Use IAM Role disabled:

      • AWS Access Key: AWS data repository host account Access Key.

      • AWS Secret Key: AWS data repository host account Secret Key.

      • AWS Region: AWS S3 bucket region.

    • With Use IAM Role enabled:

      • AWS IAM Role: Enter the actual IAM Role using a full AWS ARN.

      • AWS IAM Role External Id: For additional security, and external ID can be attached to your IAM role configured. This assures that your IAM role can be assumed by PrivaceraCloud only when the configured external ID is passed.

        Note

        The external ID is stored encrypted. It is never reflected back to the UI or is made visible.

      • AWS Region: AWS S3 bucket region.

  3. On the ADVANCED tab, you can add custom properties.

  4. Using the IMPORT PROPERTIES button, you can browse and import application properties.

  5. Click the TEST CONNECTION button to check if the connection is successful, and then click Save.

  6. Recommended: Install the AWS CLI.

    Open Launch Pad and follow the steps to install and configure AWS CLI to your workstation so that it uses the PrivaceraCloud Data Server proxy.

  7. Recommended: Validate connectivity by running AWS CLI for DynamoDB such as:

    aws dynamodb list-tables

Enable Data Discovery for DynamoBD

  1. Click the toggle button to enable Data Discovery for your application.

  2. On the BASIC tab, enter values in the following fields.

    • With Use IAM Role disabled:

      • AWS Access Key: AWS data repository host account Access Key.

      • AWS Secret Key: AWS data repository host account Secret Key.

      • AWS Region: AWS S3 bucket region.

    • With Use IAM Role enabled:

      • AWS IAM Role: Enter the actual IAM Role using a full AWS ARN.

      • AWS Region: AWS S3 bucket region.

  3. On the ADVANCED tab, you can add custom properties.

  4. Using the IMPORT PROPERTIES button, you can browse and import application properties.

  5. Click the TEST CONNECTION button to check if the connection is successful, and then click Save.

Go to PrivaceraCloud > Privacera Discovery > Data Source to add a resources using this connection as Discovery targets. See Privacera Discovery scan targets for quick start steps.