Creating an AWS DynamoDB Table using the AWS console

Dylan Wood
4 min read · Sep 22, 2022


This is a guide on how to create a DynamoDB table, scan the table, and create permissions that prevent writing to the table. As always, if you have any questions, please feel free to reach out to me on LinkedIn!

Prerequisites

  • AWS account with admin permissions

Objective

  • Create a DynamoDB table.
  • Create an EC2 instance.
  • Using an IAM role and the principle of least privilege, grant the EC2 instance read access to DynamoDB.
  • Use the AWS CLI in the EC2 instance to scan the DynamoDB table.
  • Use the AWS CLI in the EC2 instance to validate you cannot write an item to the DynamoDB table.

Creating a DynamoDB Table

To begin, we will head over to DynamoDB in the AWS console and select Create table. Let’s provide a name, partition key, and sort key for our table. The partition key is treated as a hash value that is used to retrieve items from a table, and the sort key acts as another column for our table. Together they create what is called a composite key. Using a sort key allows multiple items to share the same partition key value, which I need in my case because several of my items will have the same partition key.

We can leave all other settings default and scroll to the bottom to select Create table. Once our table is created, let’s select it and navigate to Explore items in the upper right. Now select Create item, add our desired data to the table, and select Create item. Go ahead and enter as many values as you’d like. Once you’re done, your table should look something like this.

Create and Configure IAM Role

To start, let’s head over to Identity and Access Management, select Roles on the left-hand side, select Create role, and under Common use cases, we can select EC2.

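Click Next, search for DynamoDBReadOnlyAccess, select the AmazonDynamoDBReadOnlyAccess managed policy, click Next again, and finally give your role a name, then select Create role. Note that this managed policy grants read access to every DynamoDB table in the account, not only the table created in this guide.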

Create EC2 Instance

Now, let’s head over to EC2 and select Instances, then Launch instances, and provide a globally unique name. Next we will need to select our AMI. I chose to use an Amazon Linux AMI on a t2.micro instance.

Provide a key pair, scroll down to the Advanced details tab, navigate to IAM instance profile, and select our newly created IAM role.

Leave all other settings as default, then select Launch instance, and we are good to go!

Scan your DynamoDB Table

To scan our DynamoDB Table, let’s select our newly created EC2 instance and click Connect in the top right. If you need help connecting to your instance check out the AWS docs here.

Now that we are in our instance, let’s scan our table! Enter the following command in your CLI:

    aws dynamodb scan --table-name <enter-dynamodb-table-here> --region <enter-region-here>

If you were successful, you should receive an output similar to this.

Try to Write to DynamoDB Table

We want to make sure that our permissions are working properly and that we cannot add anything to this table. To double-check this, let’s run the following command in the CLI:

    aws dynamodb put-item --table-name <enter-dynamodb-table-here> --item '{"<enter-partition-key-here>": {"S": "Test"}, "<enter-sort-key-here>": {"S": "Testing"}}' --region <enter-region-here>

If the permissions are working, the write should be denied and you should receive an output similar to this.

Here we can see that our EC2 instance can read our DynamoDB table, however, it is not able to write to the table. Success!
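The scan and put-item checks above can be scripted so the verdict does not depend on reading CLI output by eye. This is an added example, not the author's code; the function name verify_read_only, its argument order, and its return codes are assumptions. It counts a failed write as proof of read-only access only when the error is AccessDeniedException, since put-item can also fail for unrelated reasons such as a wrong key name.

```shell
#!/usr/bin/env bash
# Added example (not from the original article).
# Usage on the EC2 instance:
#   verify_read_only <table-name> <region> <partition-key> <sort-key>
# Return codes (assumed convention for this example):
#   0 = scan allowed and put-item denied by IAM
#   1 = permissions are wrong (scan denied, or write succeeded)
#   2 = put-item failed for a reason other than IAM, result inconclusive
verify_read_only() {
  local table="$1" region="$2" pk="$3" sk="$4"
  local item err

  # Read must work. --max-items 1 keeps the check cheap on large tables.
  if ! aws dynamodb scan --table-name "$table" --region "$region" \
        --max-items 1 >/dev/null 2>&1; then
    echo "FAIL: scan was not permitted on $table" >&2
    return 1
  fi

  # Same test item as the put-item command in the article.
  item=$(printf '{"%s": {"S": "Test"}, "%s": {"S": "Testing"}}' "$pk" "$sk")

  # Capture stderr only; a zero exit status means the item was written.
  if err=$(aws dynamodb put-item --table-name "$table" --region "$region" \
             --item "$item" 2>&1 >/dev/null); then
    echo "FAIL: put-item succeeded, the role can write to $table" >&2
    return 1
  fi

  # A failed write only proves read-only access if IAM rejected it.
  case "$err" in
    *AccessDeniedException*)
      echo "OK: read allowed, write denied by IAM on $table"
      return 0
      ;;
    *)
      echo "INCONCLUSIVE: put-item failed for another reason: $err" >&2
      return 2
      ;;
  esac
}
```

If the function returns 1 because the write succeeded, the test item now exists in the table and should be deleted along with fixing the role.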

For clean-up, we need to be sure that we delete our DynamoDB table, EC2 instance, and the IAM role we created.
