Version 24.2.9064

• Add the Amazon DynamoDB Connector
• Authenticate to Amazon DynamoDB
  • Active Directory Federation Services
  • AWS Root Keys
  • AWS IAM Roles
  • AWS EC2 Roles
  • AWS Multi-Factor Authentication
  • AWS Credentials File
  • Okta
  • PingFederate
  • AWS Cognito Basic
  • AWS Cognito Secure Remote Password
• Complete Your Connection
• More Information

You can use the Amazon DynamoDB connector from the CData Sync application to capture data from Amazon DynamoDB and move it to any supported destination. To do so, you need to add the connector, authenticate to the connector, and complete your connection.

Add the Amazon DynamoDB Connector

To enable Sync to use data from Amazon DynamoDB, you first must add the connector, as follows:

1. Open the Connections page of the Sync dashboard.

2. Click Add Connection to open the Select Connectors page.

3. Click the Sources tab and locate the Amazon DynamoDB row.

4. Click the Configure Connection icon at the end of that row to open the New Connection page. If the Configure Connection icon is not available, click the Download Connector icon to install the Amazon DynamoDB connector. For more information about installing new connectors, see Connections.

Authenticate to Amazon DynamoDB

After you add the connector, you need to set the required properties.

On the New Connection page, enter the connection name of your choice. *

CData Sync supports authenticating to Amazon DynamoDB in several ways. Select your authentication method below to proceed to the relevant section that contains the authentication details.

• ADFS
• AwsRootKeys (default)
• AwsIAMRoles
• AwsEC2Roles
• AwsMFA
• AwsCredentialsFile
• Okta
• PingFederate
• AwsCognitoBasic
• AwsCognitoSrp

Active Directory Federation Services

To connect with single sign-on (SSO) via ADFS, specify the following properties:

• Auth Scheme - Select ADFS.

• User - Enter the username that you use to authenticate to your ADFS account.

• Password - Enter the password that you use to authenticate to your ADFS account.

• SSO Login URL - Enter the login URL that is used by your SSO provider.

• Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta, ADFS, and PingFederate, while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

AWS Root Keys

To connect with your account root credentials, specify the following properties:

• Auth Scheme - Select AwsRootKeys.

• AWS Access Key - Enter your Amazon Web Services (AWS) account access key. You can locate this value on your AWS security credentials page.

• AWS Secret Key - Enter your AWS account secret key. You can locate this value on your AWS security credentials page.

AWS IAM Roles

To connect with your IAM user credentials, specify the following properties:

• Auth Scheme - Select AwsIAMRoles.

• AWS Access Key - Enter your Amazon Web Services (AWS) account access key. You can locate this value on your AWS security credentials page.

• AWS Secret Key - Enter your AWS account secret key. You can locate this value on your AWS security credentials page.

• AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

• AWS External Id (optional) - Enter the unique identifier that is required when you assume a role in another account.

AWS EC2 Roles

When you run CData Sync on an EC2 instance, CData Sync can authenticate by using the IAM role that is assigned to the instance. Select AwsEC2Roles for Auth Scheme to use that role. No additional properties are required.

AWS Multi-Factor Authentication

To connect with your multifactor authentication credentials, specify the following properties:

• Auth Scheme - Select AwsMFA.

• MFA Serial Number - Enter the serial number for your multifactor authentication (MFA) device, if you are using such a device.

• MFA Token - Enter the temporary token that is available from your MFA device.

• Temporary Token Duration (optional) - Enter the amount of time (in seconds) a temporary token will last. The default duration is 3600.

AWS Credentials File

To connect with a credentials file, specify the following properties:

• Auth Scheme - Select AwsCredentialsFile.

• AWS Credentials File - Enter the location of your Amazon Web Services (AWS) credentials file.

• AWS Credentials File Profile (optional) - Enter the name of the AWS profile that you want to use from the credentials file that you specify. If you do not enter a profile name, Sync uses the profile named default.

Okta

To connect with single sign-on (SSO) via Okta, specify the following properties:

• Auth Scheme – Select OKTA.

• User - Enter the username that you use to authenticate to your Okta account.

• Password - Enter the password that you use to authenticate to your Okta account.

• SSO Login URL - Enter the login URL that is used by your SSO provider.

• SSO Properties - Enter additional properties that are required to connect to your identity provider. You must use a semicolon-separated list of properties (for example, SSOProperty1=Value1;SSOProperty2=Value2;…).

• SSO Exchange UrI - Enter the Partner Service Identifier URI that is configured in your PingFederate server instance. The URI is available under SP Connections > SP Connection > WS-Trust > Protocol Settings.

• Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta, ADFS, and PingFederate, while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

PingFederate

To connect with single sign-on via PingFederate, specify the following properties:

• Auth Scheme - Select PingFederate.

• User - Enter the username that you use to authenticate to your PingFederate account.

• Password - Enter the password that you use to authenticate to your PingFederate account.

• SSO Login URL - Enter the login URL that is used by your SSO provider.

• SSO Properties - Enter a comma-separated list of the single sign-on (SSO) properties that you want to use.

• SSO Exchange UrI - Enter the Partner Service Identifier URI that is configured in your PingFederate server instance. The URI is available under SP Connections > SP Connection > WS-Trust > Protocol Settings.

• Use Lake Formation (optional) - Select True if you want the AWS Lake Formation service to retrieve temporary credentials. These temporary credentials enforce access policies against the user based on the configured IAM role. You can use this service when you authenticate through Okta, ADFS, and PingFederate, while providing a Security Assertion Markup Language (SAML) assertion. The default setting for Use Lake Formation is False.

AWS Cognito Basic

To connect with your Amazon Web Services (AWS) Cognito credentials, specify the following properties:

• Auth Scheme - Select AwsCognitoBasic.

• AWS Cognito Region - Select the region for your Amazon Web Services (AWS) user pool. The default region is NORTHERNVIRGINIA.

• AWS User Pool Id - Enter your AWS user-pool Id.

• AWS User Pool Client App Id - Enter your AWS user-pool client application Id.

• AWS Identity Pool Id - Enter the identity-pool Id of the that is linked with your user pool.

• AWS User Pool Client App Secret (optional) - Enter the secret for your user-pool client.

AWS Cognito Secure Remote Password

To connect with your Amazon Web Services (AWS) Cognito credentials, specify the following properties:

• Auth Scheme - Select AwsCognitoSrp.

• AWS Cognito Region - Select the region for your Amazon Web Services (AWS) user pool. The default region is NORTHERNVIRGINIA.

• AWS User Pool Id - Enter your AWS user-pool Id.

• AWS User Pool Client App Id - Enter your AWS user-pool client application Id.

• AWS Identity Pool Id - Enter the identity-pool Id of the that is linked with your user pool.

• AWS User Pool Client App Secret (optional) - Enter the secret for your user-pool client.

Complete Your Connection

To complete your connection:

1. For AWS Region, select the region that hosts your Amazon Web Services. The default region is NORTHERNVIRGINIA.

2. Define advanced connection settings on the Advanced tab. (In most cases, though, you should not need these settings.)

3. Click Create & Test to create your connection.

More Information

For more information about interactions between CData Sync and Amazon DynamoDB, see Amazon DynamoDB Connector for CData Sync.