AWS Locks Down Traffic Between DynamoDB and VPCs
Amazon Web Services (AWS) this week added another layer of security for customers using its Virtual Private Cloud (VPC) alongside its DynamoDB database solution.
A new capability, dubbed VPC Endpoints for DynamoDB, enables users to set up direct and private connections between their VPC environments and DynamoDB, completely bypassing the public Internet.
A VPC is an isolated section of AWS where users can run applications and other resources in a secure and customizable networking environment. Until now, if a user wanted to enable their VPC to access resources in DynamoDB, their options were both roundabout and open to security vulnerabilities.
"You could use an Internet Gateway (with a NAT Gateway or assigning your instances public IPs) or you could route all of your traffic to your local infrastructure via VPN or AWS Direct Connect and then back to DynamoDB," explained AWS technical evangelist Randall Hunt in a blog post Wednesday. "Both of these solutions had security and throughput implications and it could be difficult to configure NACLs or security groups to restrict access to just DynamoDB."
VPC Endpoints for DynamoDB negates the need for a NAT gateway and establishes a more direct and secure pathway from the VPC to DynamoDB. The VPC remains isolated and administrators don't have to set up a firewall to shield the VPC from the rest of the network.
In addition, VPC Endpoints for DynamoDB is a free capability, while NAT gateway connections carry a small hourly charge.
VPC Endpoints for DynamoDB is now supported in all AWS regions. Users can set up an endpoint from their AWS Management Console or using the AWS command-line interface. More information is available here.
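As an added example (not code from the article or from AWS), the CLI setup described above, done the way a security engineer would: a gateway endpoint created with a least-privilege endpoint policy, followed by a check that the route table actually sends DynamoDB traffic through the endpoint rather than the Internet or NAT gateway. The variables REGION, ACCOUNT_ID, VPC_ID, ROUTE_TABLE_ID and TABLE_NAME, the table name and the sample route-table JSON are assumed placeholders.

```shell
#!/bin/sh
# Added example (not code from the article or from AWS): create a gateway VPC
# endpoint for DynamoDB with the AWS CLI, attach a least-privilege endpoint
# policy, and check that the route table now sends DynamoDB traffic to it.
# Placeholders you must set: REGION, ACCOUNT_ID, VPC_ID, ROUTE_TABLE_ID, TABLE_NAME.
set -eu

# Endpoint policy: the endpoint forwards only the listed actions on one table
# (and its indexes). Anything else is refused at the endpoint, which addresses
# the "restrict access to just DynamoDB" problem the article describes, here
# narrowed to a single table.
endpoint_policy() {
  region="$1" account="$2" table="$3"
  cat <<EOF
{"Version":"2012-10-17","Statement":[{"Sid":"AppTableOnly","Effect":"Allow",
"Principal":"*",
"Action":["dynamodb:GetItem","dynamodb:PutItem","dynamodb:Query","dynamodb:UpdateItem"],
"Resource":["arn:aws:dynamodb:${region}:${account}:table/${table}",
"arn:aws:dynamodb:${region}:${account}:table/${table}/index/*"]}]}
EOF
}

# Create the gateway endpoint, associate it with the route table, print its id.
create_endpoint() {
  aws ec2 create-vpc-endpoint --region "$REGION" --vpc-id "$VPC_ID" \
    --vpc-endpoint-type Gateway --service-name "com.amazonaws.${REGION}.dynamodb" \
    --route-table-ids "$ROUTE_TABLE_ID" \
    --policy-document "$(endpoint_policy "$REGION" "$ACCOUNT_ID" "$TABLE_NAME")" \
    --query 'VpcEndpoint.VpcEndpointId' --output text
}

# Verify: read `aws ec2 describe-route-tables` JSON on stdin; succeed only if a
# route whose destination is a prefix list (pl-...) targets the given endpoint.
# That route is what keeps DynamoDB traffic off the Internet/NAT gateway path.
route_uses_endpoint() {
  tr -d ' \t\n' | grep -o '{[^{}]*}' | grep '"DestinationPrefixListId":"pl-' \
    | grep -q "\"GatewayId\":\"$1\""
}

# Constructed sample of describe-route-tables output for an offline check.
SAMPLE_ROUTE_TABLE='{"RouteTables":[{"RouteTableId":"rtb-0123456789abcdef0","Routes":[
{"DestinationCidrBlock":"10.0.0.0/16","GatewayId":"local","State":"active"},
{"DestinationPrefixListId":"pl-0123456789abcdef0","GatewayId":"vpce-0a1b2c3d4e5f6a7b8","State":"active"}]}]}'

if [ "${1:-}" = "apply" ]; then
  VPCE_ID=$(create_endpoint)
  aws ec2 describe-route-tables --region "$REGION" --route-table-ids "$ROUTE_TABLE_ID" \
    | route_uses_endpoint "$VPCE_ID" && echo "$VPCE_ID: route installed" || echo "route missing"
fi
```

Run with the argument `apply` to make the AWS calls; without it the script only defines the functions and sample data. Pairing the endpoint policy with an IAM policy on the callers that carries an `aws:sourceVpce` condition forces all table access through this endpoint.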