# Amazon DynamoDB This article outlines the integration with the Amazon DynamoDB connector, enabling streamlined metadata management through features such as crawling, data preview, data quality, and manual lineage building. It also ensures secure authentication via Credential Manager.

## Overview ### Connector Details | Connector Category | NoSQL | | ----------------------------------------------------------------------------------- | ---------------- | | Connector Version | Release 7.1.1 | | Releases Supported (Available from) | Release6.0 | |

Connectivity

\[How the connection is established with Amazon DynamoDB]

| AWS DynamoDB SDK | ### Connector Features | Feature | Availability | | -------------------------------------------- | :----------: | | Crawling | ✅ | | Delta Crawling | ❌ | | Profiling | ❌ | | Query Sheet | ❌ | | Data Preview | ✅ | | Auto Lineage | ❌ | | Manual Lineage | ✅ | | Secure Authentication via Credential Manager | ✅ | | Data Quality | ✅ | | DAM (Data Access Management) | ❌ | | Bridge | ✅ | ### Metadata Mapping The following objects are crawled from Amazon DynamoDB and mapped to the corresponding UI assets.

Amazon DynamoDB Object	Amazon DynamoDB Attribute	OvalEdge Attribute	OvaEdge Category	OvalEdge Type
Schema	Schema name	Schema	Databases	Schema
Schema	Schema comment	Source Description	Databases	Schema
Table	Table Name	Table	Tables	Ttable
Table	Table Type	Type	Tables	Table
Table	Table Comments	Source Description	Descriptions	Source Description
Columns	Column Name	Column	Table Columns	Columns
Columns	Data Type	Column Type	Table Columns	Columns
Columns	Description	Source Description	Table Columns	Columns
Columns	Ordinal Position	Column Position	Table Columns	Columns
Columns	Length	Data Type Size	Table Columns	Columns

## Set up a Connection ### Prerequisites The following are the prerequisites to establish a connection. ### **Service Account User Permissions** {% hint style="warning" %} It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions. {% endhint %} {% hint style="info" %} 👨‍💻Who can provide these permissions? These permissions are typically granted by the Amazon DynamoDB administrator, as users may not have the required access to assign them independently. {% endhint %}

Objects	System Tables	Access Permission
Tables	getRemoteTables	dynamodb:ListTables dynamodb:DescribeTable dynamodb:ListTagsOfResource
Columns	getRemoteColumns	dynamodb:Scan
Connector Validation	validateConnection	dynamodb:ListTables
profile	getSampleProfileResults	dynamodb:Scan

### Connection Configuration Steps {% hint style="warning" %} Users are required to have the Connector Creator role in order to configure a new connection.
{% endhint %} 1. Log into **OvalEdge**, go to **Administration > Connectors**, click **+ (New Connector)**, search for **Amazon DynamoDB**, and complete the required parameters. {% hint style="info" %} Fields marked with an asterisk (\*) are mandatory for establishing a connection. {% endhint %}

Field Name	Description
Connector Type	By default, "Amazon DynamoDB" is displayed as the selected connector type.
Authentication	The following two types of authentication are supported for Amazon DynamoDB: Role Based IAM User-based

Field Name

Description

Connector Type

By default, "Amazon DynamoDB" is displayed as the selected connector type.

Authentication

The following two types of authentication are supported for Amazon DynamoDB:

Role Based
IAM User-based

{% tabs %} {% tab title="Role Based Authentication" %}

Field Name	Description
Credential Manager*	Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on the selected option. Supported Credential Managers: Database AWS Secrets Manager HashiCorp Azure Key Vault
License Add Ons	Select the checkbox for Data Quality Add-On to identify data quality issues using data quality rules and anomaly detection.
Connector Name*	Enter a unique name for the Amazon DynamoDB connection (Example: "AmazonDynamoDB").
Connector Description	Enter a brief description of the connector.
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector.
Cross Account Role ARN	Amazon Resource Name (ARN) of the IAM role used to enable cross-account access to DynamoDB.
Database Region*	AWS region where the DynamoDB instance is hosted. Select the appropriate region to establish the connection.
Filter by Tags	An optional field to filter and connect only to DynamoDB resources that match the specified AWS tags.

{% endtab %} {% tab title="IAM Based Authentication" %}

Field Name	Description
Credential Manager*	Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on the selected option. Supported Credential Managers: Database AWS Secrets Manager HashiCorp Azure Key Vault
License Add Ons	Select the checkbox for Data Quality Add-On to identify data quality issues using data quality rules and anomaly detection.
Connector Name*	Enter a unique name for the Amazon DynamoDB connection (Example: "AmazonDynamoDB").
Connector Description	Enter a brief description of the connector.
Connector Environment	Select the environment (Example: PROD, STG) configured for the connector.
Access Key*	AWS Access Key ID used for authentication to connect to DynamoDB.
Secret Key*	AWS Secret Access Key paired with the Access Key for authentication.
Database Region*	AWS region where the DynamoDB instance is hosted. Select the appropriate region to establish the connection.
Filter by Tags	An optional field to filter and connect only to DynamoDB resources that match the specified AWS tags.

{% endtab %} {% endtabs %}

Default Governance Roles
Default Governance Roles*	Select the appropriate users or teams for each governance role from the drop-down list. All users configured in the security settings are available for selection.
Admin Roles
Admin Roles*	Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in the security settings are available for selection.
No of Archive Objects
No Of Archive Objects*	This shows the number of recent metadata changes to a dataset at the source. By default, it is off. To enable it, toggle the Archive button and specify the number of objects to archive. Example: Setting it to 4 retrieves the last four changes, displayed in the 'Version' column of the 'Metadata Changes' module.
Bridge
Select Bridge*	If applicable, select the bridge from the drop-down list. The drop-down list displays all active bridges that have been configured. These bridges facilitate communication between data sources and the system without requiring changes to firewall rules.

2. After entering all connection details, the following actions can be performed: 1. Click **Validate** to verify the connection. 2. Click **Save** to store the connection for future use. 3. Click **Save & Configure** to apply additional settings before saving. 3. The saved connection will appear on the Connectors home page. ## Manage Connector Operations ### Crawl {% hint style="warning" %} To perform crawl operations, users must be assigned the Integration Admin role. {% endhint %} 1. Navigate to the **Connectors** page and click **Crawl/Profile**. 2. Select the schemas to be crawled. 3. The Crawl option is selected by default. To perform both operations, select the **Crawl & Profile** radio button. 4. Click **Run** to collect metadata from the connected source and load it into the **Data Catalog**. 5. After a successful crawl, the information appears in the **Data Catalog > Databases** tab. ### Other Operations The **Connectors** page provides a centralized view of all configured connectors, along with their health status. **Managing connectors includes:** * **Connectors Health:** Displays the current status of each connector using a green icon for active connections and a red icon for inactive connections, helping to monitor the connectivity with data sources. * **Viewing:** Click the **Eye** icon next to the connector name to view connector details, including databases, tables, columns, and codes. **Nine Dots Menu Options:** To view, edit, validate, configure, or delete connectors, click on the **Nine Dots** menu. * **Edit Connector:** Update and revalidate the data source. * **Validate Connector:** Check the connection's integrity. * **Settings:** Modify connector settings. * **Crawler:** Configure data extraction. * **Profiler:** Customize data profiling rules and methods. * **Access Instructions:** Add notes on how data can be accessed. * **Business Glossary Settings:** Manage term associations at the connector level. * **Others:** Configure notification recipients for metadata changes. * **Delete Connector:** Remove a connector with confirmation. ## Connectivity Troubleshooting If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.

S.No.	Error Message(s)	Error Description & Resolution
1	Error occurred while validating the DynamoDB connection: The security token included in the request is invalid.	Description: Connection validation failed because the provided AWS Access Key is incorrect or invalid. Resolution: Verify and re-enter the correct AWS Access Key in the configuration settings.
2	Error occurred while validating the DynamoDB connection: Check your AWS Secret Access Key and signing method.	Description: Connection validation failed because the AWS Secret Key does not match the expected signature. Resolution: Verify and re-enter the correct AWS Secret Access Key, and ensure the correct signing method is used.
3	Error occurred while validating the DynamoDB connection: Check your AWS Secret Access Key and signing method.	Description: The connected AWS user account lacks the required permissions to list tables in DynamoDB. Resolution: Grant the IAM user or role the dynamodb: ListTables permission in AWS IAM policies, then retry the connection.

S.No.

Error Message(s)

Error Description & Resolution

Error occurred while validating the DynamoDB connection:

The security token included in the request is invalid.

Description: Connection validation failed because the provided AWS Access Key is incorrect or invalid.

Resolution: Verify and re-enter the correct AWS Access Key in the configuration settings.

Error occurred while validating the DynamoDB connection: Check your AWS Secret Access Key and signing method.

Description: Connection validation failed because the AWS Secret Key does not match the expected signature.

Resolution: Verify and re-enter the correct AWS Secret Access Key, and ensure the correct signing method is used.

Error occurred while validating the DynamoDB connection:

Check your AWS Secret Access Key and signing method.

Description: The connected AWS user account lacks the required permissions to list tables in DynamoDB.

Resolution: Grant the IAM user or role the dynamodb: ListTables permission in AWS IAM policies, then retry the connection.