Secure an EC2 Application Connection to DynamoDB on AWS
In this lab, you’ll implement network and instance security by securing an EC2 app's connection to DynamoDB. When complete, you’ll have a Flask app on EC2 that connects to DynamoDB, and you'll be able to manage access to both of these resources.
Terms and conditions apply.
Challenge
Observe the Pre-allocated Resources for This Lab
Familiarize yourself with the pre-built resources and their architecture.
Challenge
Edit Inbound Rules for VPC Security Group
The security group associated with the VPC must allow traffic to flow to and from the internet.
Challenge
Run and View Your Application on Cloud9
Now you can create an EC2 instance for your application that connects to DynamoDB; however, to make running the code on EC2 easier, a Cloud9 environment was pre-created that has the application code downloaded on an EC2 instance in the subnet.
Challenge
Attach IAM Role to EC2 Instance to Allow DynamoDB Access
You’ll create an IAM Role to allow access to DynamoDB.
Challenge
Create and Scan DynamoDB Tables
Now that the application has access to DynamoDB you can create the Song table, write items to the table, and scan items from the table.
Challenge
Create VPC Endpoint and Block Outbound Access
If this instance were to get compromised by an attacker, they could turn it into a source of malicious traffic. By blocking outbound traffic, and instead using a VPC endpoint, that can be prevented.
Provided environment for hands-on practice
We will provide the credentials and environment necessary for you to practice right within your browser.
Guided walkthrough
Follow along with the author’s guided walkthrough and build something new in your provided environment!
Did you know?
On average, you retain 75% more of your learning if you get time for practice.
Recommended prerequisites
- AWS EC2
- AWS DynamoDB