限制来自特定AWS VPC的AWS DynamoDB访问 [英] Restrict AWS DynamoDB access from particular AWS VPC
问题描述
在我的应用程序中使用Dynamo DB。我有一些关键的参考值,并希望将其保留在DynamoDB中。我对此不太确定,但是我们可以制定政策或方法来限制从任何VPC进行DynamoDb表访问吗?
Using Dynamo DB for my application. I have some critical reference values and want to keep those in DynamoDB. I am not very sure about this but can we have a policy or way to restrict that DynamoDb table access from any VPC?
感谢
Kiran
Thanks Kiran
推荐答案
无法限制来自VPC的访问,因为DynamoDB在VPC之外作为区域管理服务运行。
Limiting access from a VPC is not possible, since DynamoDB operates as a regional manage service outside your VPC.
不过,还有其他几种方法可以实现对Dynamodb的访问控制。
1)使用IAM用户访问密钥和策略
2)使用Cognito /用户池或Amazon STS使用联合访问控制
However there are several other ways to implement access control to Dynamodb. 1) Using IAM user access keys and policies 2) Using federated access control using Cognito/User Pools or Amazon STS
注意:如果需要更多的访问粒度,可以使用Dynamodb 细粒度访问控制机制。如果您的数据非常敏感,请尝试使用Amazon KMS。
Note: If you need more granularity of access, you can use Dynamodb fine grained access control mechanisms. If your data are highly sensitive try considering Amazon KMS.
这篇关于限制来自特定AWS VPC的AWS DynamoDB访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!