Prerequisites¶

This section outlines the prerequisites for setting up the Discovery scanning feature for AWS DynamoDB.

Here are some of the prerequisites for setting up the Discovery scanning feature for AWS DynamoDB:

• To enable Discovery and Portal pods to access AWS DynamoDB resources, you must configure an IAM policy (e.g. privacera-discovery-scan-dynamodb-policy-privacera-prod)
• The recommendation is to create a policy with the following permissions and attach it to the IAM role that is assigned to the Discovery and Portal pods.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
              "dynamodb:BatchGet*",
              "dynamodb:DescribeTable",
              "dynamodb:Get*",
              "dynamodb:Query",
              "dynamodb:Scan"
            ],
            "Resource": [
                "arn:aws:dynamodb:<AWS_REGION>:<ACCOUNT_ID>:table/<DISCOVERY_SCAN_TABLE_NAME_1>",
                "arn:aws:dynamodb:<AWS_REGION>:<ACCOUNT_ID>:table/<DISCOVERY_SCAN_TABLE_NAME_2>"
            ]

        },
        {
            "Effect": "Allow",
            "Action": [
              "dynamodb:ListTables"
            ],
            "Resource": "*"

        }
    ]
}

• After creating the policy, attach it to the IAM role assigned to the Discovery and Portal pods (e.g.privacera-discovery-role-privacera-prod). For instructions on attaching the policy to the IAM role, refer to Attaching policy to Discovery Service IAM role

Comments