Version 23.4.8843

• Establish a Connection
  • ADFS
  • AwsRootKeys
  • AwsIAMRoles
  • AwsEC2Roles
  • AwsMFA
  • AwsCredentialsFile
  • Okta
  • PingFederate
  • AwsCognitoBasic
  • AwsCognitoSrp
• More Information

You can use the Amazon DynamoDB connector from the CData Sync application to capture data from Amazon DynamoDB and move it to any supported destination. To do so, you need to add the connector, authenticate to the connector, and complete your connection.

Establish a Connection

To allow Sync to use data from Amazon DynamoDB, you first must establish a connection to Amazon DynamoDB. Follow these steps to connect Amazon DynamoDB to your Sync account:

1. Open the Connections page of the Sync dashboard.

2. Click Add Connection to open the Select Connectors page.

3. Click the Sources tab and locate the Amazon DynamoDB row.

4. Click the Configure Connection icon at the end of that row. If you do not see the Configure Connection icon, you need to add the connector according to the instructions in Connections.

5. Enter connection settings on the Settings tab:

   • Connection Name - Enter a connection name of your choice.

   • Auth Scheme -Select your authentication scheme below to proceed to the relevant section for your scheme. Then fill out the settings as specified in that section.

     • ADFS
     • AwsRootKeys
     • AwsIAMRoles
     • AwsEC2Roles
     • AwsMFA
     • AwsCredentialsFile
     • Okta
     • PingFederate
     • AwsCognitoBasic
     • AwsCognitoSrp

   • AWS Region - Select the region that hosts your Amazon Web Services. The default region is NORTHERNVIRGINIA.

6. Click Create & Test to create the connection.

7. Define advanced connection settings on the Advanced tab. (In most cases, though, you should not need these settings.)

ADFS

1. For the ADFS scheme, specify these settings:

   • User - Enter the username that you use to authenticate to your ADFS account.

   • Password - Enter the password that you use to authenticate to your ADFS account.

   • SSO Login URL - Enter the login URL that is used by your SSO provider.

   • Use Lake Formation - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta, ADFS, and PingFederate, while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

2. Complete the remaining steps.

AwsRootKeys

1. For the AwsRootKeys scheme, specify these settings:

   • AWS Access Key - Enter your Amazon Web Services (AWS) account access key. You can locate this value on your AWS security credentials page.

   • AWS Secret Key - Enter your AWS account secret key. You can locate this value on your AWS security credentials page.

2. Complete the remaining steps.

AwsIAMRoles

1. For the AwsIAMRoles scheme, specify these settings:

   • AWS Access Key - Enter your Amazon Web Services (AWS) account access key. You can locate this value on your AWS security credentials page.

   • AWS Secret Key - Enter your AWS account secret key. You can locate this value on your AWS security credentials page.

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • AWS External Id - Enter the unique identifier that is required when you assume a role in another account.

2. Complete the remaining steps.

AwsEC2Roles

1. Use this scheme to authenticate, as follows. If you use Sync from an EC2 instance and an IAM role is assigned to the instance, use that IAM role to authenticate. You do not need to specify AWS Access Key and AWS Secret Key because Sync obtains your IAM role credentials automatically and authenticates with them.

   If you also use an IAM role to authenticate, you must specify the following properties:

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • AWS External Id - Enter the unique identifier that is required when you assume a role in another account.

2. Complete the remaining steps.

AwsMFA

1. For the AwsMFA scheme, specify these settings:

   • MFA Serial Number - Enter the serial number for your multifactor authentication (MFA) device, if you are using such a device.

   • MFA Token - Enter the temporary token that is available from your MFA device.

   • Temporary Token Duration - Enter the amount of time (in seconds) a temporary token will last. The default duration is 3600.

2. Complete the remaining steps.

AwsCredentialsFile

1. For the AwsCredentialsFile scheme, specify these settings:

   • AWS Credentials File - Enter the location of your Amazon Web Services (AWS) credentials file.

   • AWS Credentials File Profile (optional) - Enter the name of the AWS profile that you want to use from the credentials file that you specify. If you do not enter a profile name, Sync uses the profile named default.

2. Complete the remaining steps.

Okta

1. For the Okta scheme, specify these settings:

   • User - Enter the username that you use to authenticate to your Okta account.

   • Password - Enter the password that you use to authenticate to your Okta account.

   • SSO Login URL - Enter the login URL that is used by your SSO provider.

   • SSO Properties - Enter a comma-separated list of the single sign-on (SSO) properties that you want to use.

   • Use Lake Formation - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta, ADFS, and PingFederate, while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

2. Complete the remaining steps.

PingFederate

1. For the PingFederate scheme, specify these settings:

   • User - Enter the username that you use to authenticate to your PingFederate account.

   • Password - Enter the password that you use to authenticate to your PingFederate account.

   • SSO Login URL - Enter the login URL that is used by your SSO provider.

   • SSO Properties - Enter a comma-separated list of the single sign-on (SSO) properties that you want to use.

   • SSO Exchange UrI - Enter the Partner Service Identifier URI that is configured in your PingFederate server instance. The URI is available under SP Connections > SP Connection > WS-Trust > Protocol Settings.

   • Use Lake Formation - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta, ADFS, and PingFederate, while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

2. Complete the remaining steps.

AwsCognitoBasic

1. For the ADFS scheme, specify these settings:

   • AWS Cognito Region - Select the region for your Amazon Web Services (AWS) user pool. The default region is NORTHERNVIRGINIA.

   • AWS User Pool Id - Enter your AWS user-pool Id.

   • AWS User Pool Client App Id - Enter your AWS user-pool client application Id.

   • AWS Identity Pool Id - Enter the identity-pool Id of the that is linked with your user pool.

   • AWS User Pool Client App Secret - Enter the secret for your user-pool client.

2. Complete the remaining steps.

AwsCognitoSrp

1. For the ADFS scheme, specify these settings:

   • AWS Cognito Region - Select the region for your Amazon Web Services (AWS) user pool. The default region is NORTHERNVIRGINIA.

   • AWS User Pool Id - Enter your AWS user-pool Id.

   • AWS User Pool Client App Id - Enter your AWS user-pool client application Id.

   • AWS Identity Pool Id - Enter the identity-pool Id of the that is linked with your user pool.

   • AWS User Pool Client App Secret - Enter the secret for your user-pool client.

2. Complete the remaining steps.

More Information

For more information about interactions between CData Sync and Amazon DynamoDB, see Amazon DynamoDB Connector for CData Sync.