Elastic Beanstalk can't connect DynamoDB

Question

I'm really newbie with aws, then sorry if it's a silly question.

I did a website which connects with an online DynamoDB table and it is fully working on my local, but when I deploy the website code in my Elastic Beanstalk environment, it doesn't connect to the DynamoDB table.

Is there some configuration I should have done?

I am afraid nobody else had this problem.

My website have been written in using the aws php sdk by the aws.phar.

I did create a policy for the iam user as follow:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Action": [
                    "dynamodb:GetItem",
                    "dynamodb:PutItem"
                ],
                "Effect": "Allow",
                "Resource": [DynamoDB table],
                "Condition": {
                    "ForAllValues:StringEquals": {
                        "dynamodb:Attributes": [
                            [Lists of attributes]
                        ]
                    }
                }
            }
        ]
    }

Where is your website hosted? And are you using RDS for dynamodb? — Piyush Patil, Sep 18 '16 at 16:26
I'm not sure I understood the first question. The domain i bought on route53, and my website is on elastic beanstalk. On local I use XAMPP. About the second question, RDS isn't only for the relational databases? — Felipe Soares, Sep 18 '16 at 16:29
SSH into the EC2 instance and try connecting to the dynamodb from command line https://docs.aws.amazon.com/cli/latest/reference/dynamodb/ — Piyush Patil, Sep 18 '16 at 17:03
Yes @error2007s, I could run both get-item and put-item commands from the EC2, but first I had to run `aws configure`. Do this mean something? I thought the website could work now, but it doesn't happend — Felipe Soares, Sep 18 '16 at 17:57
How are you using that IAM user within your Elastic Beanstalk application? By the way, you should be using EC2 Instance Profiles instead of IAM users. — Mark B, Sep 18 '16 at 18:59
@MarkB, you are right! I just modify permissions of the role to EC2 and now it's fully working! Thank you guys! — Felipe Soares, Sep 18 '16 at 19:31

score 5 · Accepted Answer · answered Sep 18 '16 at 19:34

5

This was solved by adding the correct permission of the role automatically created by Elastic Beanstalk to the EC2 instance.

http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html

answered Sep 18 '16 at 19:34

Felipe Soares

121
1
8

1

Setting Permission from amazon console https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#attach-iam-role – abhishek ringsia Aug 08 '18 at 11:44

score 0 · Answer 2 · edited Aug 05 '20 at 17:17

It worked for me when I included the details about the region, access key and secret key in the code. I replaced the

dynamodb = boto3.resource('dynamodb')

with

dynamodb = boto3.resource('dynamodb', region_name = Region_NAME, 
    aws_access_key_id = ACCESS_KEY, aws_secret_access_key =
    SECRET_ACCESS_KEY)

Although this is not a recommended solution, as you should not include the credentials in the code due to security issues.

Elastic Beanstalk can't connect DynamoDB

2 Answers2