scottk/vault
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/vault.git synced 2025-10-30 10:12:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

backport of commit c2f5ee0c62 (#23687)

Browse Source 
Co-authored-by: Jonathan Frappier <92055993+jonathanfrappier@users.noreply.github.com>
This commit is contained in:
hc-github-team-secure-vault-core
2023-10-17 10:25:46 -04:00
committed by GitHub
parent 93efe66491
commit b9e5f7a928
1 changed files with 65 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

64
website/content/docs/secrets/databases/index.mdx
View File

@@ -241,6 +241,70 @@ password='your#StrongPassword%' \
disable_escaping="true" disable_escaping="true"
``` ```
## Unsupported databases
### AWS DynamoDB
Amazon Web Services (AWS) DynamoDB is a fully managed, serverless, key-value NoSQL database service. While
DynamoDB is not supported by the database secrets engine, you can use the [AWS secrets engine](/vault/docs/secrets/aws)
to provision dynamic credentials capable of accessing DynamoDB.
1. Verify you have the AWS secrets engine enabled and configured.
1. Create a role with the necessary permissions for your users to access DynamoDB. For example:
```shell-session
$ vault write aws/roles/aws-dynamodb-read \
credential_type=iam_user \
policy_document=-<<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:GetItem",
"dynamodb:GetRecords"
],
"Resource": "arn:aws:dynamodb:us-east-1:1234567891:table/example-table"
},
{
"Effect": "Allow",
"Action": "dynamodb:ListTables",
"Resource": "*"
}
]
}
EOF
```
1. Generate dynamic credentials for DynamoDB using the `aws-dynamodb-read` role:
```shell-session
$ vault read aws/creds/aws-dynamodb-read
Key Value
--- -----
lease_id aws/creds/my-role/kbSnl9WSDzOXQerd8GiVh75N.DACNl
lease_duration 1h
lease_renewable true
access_key AKALMNOP123456
secret_key xY4XhS3AsM3s+R33tCaybsT2XI6BVL+vF+khbbYD
security_token <nil>
```
1. Use the dynamic credentials generated by Vault to access DynamoDB. For example, to connect with the
the [AWS CLI](https://docs.aws.amazon.com/cli/latest/reference/dynamodb/).
```shell-session
$ aws dynamodb list-tables --region us-east-1
{
"TableNames": [
"example-table"
]
}
```
## Tutorial ## Tutorial
Refer to the following step-by-step tutorials for more information: Refer to the following step-by-step tutorials for more information: