How do I set up the AWS CLI so that I can work with an Amazon DynamoDB table on Amazon EC2?

Resolution

Create an AWS Identity and Access Management (IAM) role

To create an IAM role, do the following:

• For Select type of trusted entity, choose AWS service, and then choose EC2.
• For Attach permissions policies, choose AmazonDynamoDBFullAccess.
  Note: Follow the security best practice of granting least privilege to perform a task.

Attach the IAM role to an Amazon EC2 instance

1.    Launch an EC2 instance using an Amazon Linux Amazon Machine Image (AMI). Linux AMIs come with the AWS CLI installed.

2.    On the Configure Instance Details page, in the IAM role drop-down list, select the IAM role that you created earlier. Be sure that the subnet that you select is accessible from the internet.

3.    On the Configure Security Group page, be sure that you select a security group that allows SSH access from your IP address.

Connect to the instance using SSH

1.    Connect to your Linux instance using SSH.

2.    After you're connected, run the yum update command to be sure that the software packages on the instance are up to date.

Configure the AWS CLI

1.    Run the aws configure command.

2.    When prompted for an AWS Access Key ID and AWS Secret Access Key, press Enter. You don't need to provide keys because you're using an instance IAM role to connect with an AWS service.

3.    When prompted for Default region name, enter the Region where your DynamoDB tables are located. For example, ap-northeast-3. For a list of Region names, see Service endpoints.

4.    When prompted for Default output format, press Enter.

5.    Run the list-tables command to confirm that you can run DynamoDB commands on the AWS CLI.

Note: If you receive errors when running AWS CLI commands, make sure that you’re using the most recent version of the AWS CLI.

Related information

Using the AWS CLI with DynamoDB