DynamoDB

Prerequisites

To get the most out of this guide, you will need to:

Either create an account in our managed instance or deploy your own hoop.dev instance
You must be your account administrator to perform the following commands

Features

The table below outlines the features available for this type of connection.

Native - This refers to when a database client connects through a specific protocol, such as an IDE or client libraries through hoop connect <connection-name>.
One Off - This term refers to accessing this connection from hoop web panel.

Feature	Native	One Off	Description
TLS Termination Proxy			The local proxy terminates the connection with TLS, enabling the connection with the remote server to be TLS encrypted.
Audit			The gateway stores and audits the queries being issued by the client
Data Masking (Google DLP)			A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Data Masking (MS Presidio DLP)			A policy can be enabled to mask sensitive fields dynamically when performing queries in the database.
Credentials Offload			The user authenticates via SSO instead of using the service credentials.
Interactive Access			Interactive access is available when using an IDE or connecting via a terminal for analysis exploration.

Configuration

Name	Type	Required	Description
AWS_ACCESS_KEY_ID	env-var	yes	The AWS access key ID for DynamoDB access
AWS_SECRET_ACCESS_KEY	env-var	yes	The AWS secret access key for DynamoDB access
AWS_REGION	env-var	yes	The AWS region where your DynamoDB tables are located (e.g., `us-east-1`, `eu-west-1`)

The AWS credentials require the minimal set of IAM permissions to work:

dynamodb:Query
dynamodb:DescribeTable
dynamodb:ListTables

Connection Setup

The flag --type custom/dynamodb allows displaying the introspection schema in the web interface.

hoop admin create conn my-dynamodb -a <agent-name> \
    --overwrite \
    --type custom/dynamodb \
    --schema=enabled \
    --skip-validation \
    -e AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE \
    -e AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY \
    -e AWS_REGION=us-west-2 \
    -- bash

Currently, DynamoDB connections cannot be created through the web interface. Use the CLI command above to create the connection, then it will be available in the web app for use.

Connection Usage

CLI

hoop exec my-dynamodb -i 'aws dynamodb scan --table-name Movies'

Web panel

When you select a table in the interface, the terminal will propagate the name as TABLE_NAME environment variable, allowing you to use it in your scripts. The example above shows the variable being used in a script to scan the Movies table.

Introduction

Features

Clients

Quickstart

Setup & Administration

Concepts

Integrations

Prerequisites

Features

Configuration

Connection Setup

Connection Usage

CLI

Web panel

Introduction

Features

Clients

Quickstart

Setup & Administration

Concepts

Integrations

​Prerequisites

​Features

​Configuration

​Connection Setup

​Connection Usage

​CLI

​Web panel

Prerequisites

Features

Configuration

Connection Setup

Connection Usage

CLI

Web panel