Connect EC2 to DynamoDB

0

Hi

I can't seem to connect to DynamoDB from my EC2 instance.

I have set up a role with full access to DynamoDB and applied it to the EC2 instance. I assume any instance in the same account can access the Dynamo table or am I missing a step? There doesn't seem to be much help on the AmazonDynamoDBConfig part.

This is my code in .Net.

using Amazon;
using Amazon.DynamoDBv2;
using Amazon.DynamoDBv2.Model;

AmazonDynamoDBConfig clientConfig = new AmazonDynamoDBConfig();
clientConfig.RegionEndpoint = RegionEndpoint.EUWest2;
AmazonDynamoDBClient dynamoDbClient = new AmazonDynamoDBClient(clientConfig);
var response = dynamoDbClient.ListTables(new ListTablesRequest());

The error is: Unable to get IAM security credentials from EC2 Instance Metadata Service.

  • please accept the answer if it was useful

Leigh
asked a month ago, 235 views
3 Answers
1

I assume any instance in the same account can access the Dynamo table

No. You must apply an IAM role (instance profile) to each particular EC2 instance.

You can do it during instance creation or for an existing EC2 instance.


https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

EXPERT
answered a month ago
AWS
EXPERT
reviewed a month ago
  • Yes I did that on the instance already but still the same problem. I added it to an already running and active server.

  • What does this command show? aws sts get-caller-identity

    Does your instance have access to the internet?

  • Using the CLI it gives: Unable to locate credentials. You can configure credentials by running "aws configure". It has internet.

  • cat ~/.aws/credentials

1

Hi,

Did you check via aws sts get-caller-identity (or equivalent in your SDK language) under which ID you were executing the DynamoDB? Given your error, it's probably not under the identity of the role that you have defined.

So, add aws sts assume-role --role-arn "<arn-of-your-role>" in your code prior to DDB calls and it should go through.

Best,

Didier

AWS
EXPERT
answered a month ago
  • Does that still apply though as I am using the same account EC2 and DynamoDB?

  • I tried that and it gives, Unable to locate credentials. You can configure credentials by running "aws configure". Is it possible the firewall in aws prevents a response?

0

Ensure that the subnet in which your instance sits has either internet access (IGW in the route table) or a gateway endpoint for DynamoDB in the route table.

This link has the details on the Gateway Endpoint for Dynamo. https://docs.aws.amazon.com/vpc/latest/privatelink/vpc-endpoints-ddb.html

Hope this helps!

AWS
EXPERT
iBehr
answered a month ago
  • it has internet access
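
The SDK error in the question says that no role credentials came back from the EC2 Instance Metadata Service (IMDS), which listens on the link-local address 169.254.169.254 inside the instance. The script below is an added example, not part of the thread: it requests an IMDSv2 token and then the role listing, and names the step that fails. The function names, diagnosis strings and the `--probe` flag are made up for illustration.

```shell
#!/bin/sh
# Added diagnostic example, not code from the thread. Run it on the EC2 instance.
IMDS="http://169.254.169.254/latest"   # link-local IMDS address

# Turn the results of the two IMDS requests into a diagnosis.
#   $1 = HTTP status of the IMDSv2 token request ("000" = no response at all)
#   $2 = HTTP status of the security-credentials listing
#   $3 = role name returned by that listing (may be empty)
classify_imds() {
    case "$1" in
        200) ;;
        000) echo "imds-unreachable"; return 0 ;;   # local firewall, proxy or route in the way
        403) echo "imds-disabled"; return 0 ;;      # metadata HTTP endpoint turned off
        *)   echo "token-error"; return 0 ;;
    esac
    case "$2" in
        200) if [ -n "$3" ]; then echo "role-credentials-available"
             else echo "no-role-listed"; fi ;;
        404) echo "no-instance-profile" ;;          # typically: no role attached to this instance
        *)   echo "credentials-error" ;;
    esac
}

# Issue one request; prints the body, then the HTTP status on the last line.
imds_request() {
    curl -s -m 3 -w '\n%{http_code}' "$@"
}

probe_imds() {
    resp=$(imds_request -X PUT -H 'X-aws-ec2-metadata-token-ttl-seconds: 60' "$IMDS/api/token")
    token_status=$(printf '%s\n' "$resp" | tail -n 1)
    if [ "$token_status" != "200" ]; then
        classify_imds "$token_status" "" ""
        return 0
    fi
    token=$(printf '%s\n' "$resp" | sed '$d')
    resp=$(imds_request -H "X-aws-ec2-metadata-token: $token" \
        "$IMDS/meta-data/iam/security-credentials/")
    cred_status=$(printf '%s\n' "$resp" | tail -n 1)
    role=$(printf '%s\n' "$resp" | sed '$d' | head -n 1)
    classify_imds "$token_status" "$cred_status" "$role"
}

# Only touch the network when asked to:  sh imds-check.sh --probe
if [ "${1:-}" = "--probe" ]; then
    probe_imds
fi
```

If the result is `role-credentials-available`, IMDS is serving role credentials and the problem lies elsewhere in the SDK or CLI credential chain, for example a proxy setting that intercepts requests to 169.254.169.254.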
