Posted On: Apr 19, 2017

You can now access Amazon DynamoDB from your Amazon Virtual Private Cloud (VPC) using VPC endpoints, enabling you to have all network traffic between your application and DynamoDB stay within the AWS cloud rather than traverse the public Internet.

DynamoDB offers data protection and security using TLS endpoints for encryption-in-transit, a client-side encryption library, and fine-grained access control using AWS Identity and Access Management (IAM), providing control at the item and attribute level. VPC Endpoints for DynamoDB further improves privacy and security, especially for applications with strict compliance and audit requirements, or that handle sensitive data.

If you’re connecting to DynamoDB from a VPC, here are four reasons that make using VPC Endpoints for DynamoDB a no-brainer. First, while normal charges apply for NAT gateway access, there is no additional cost for using VPC Endpoints for DynamoDB. Second, with VPC Endpoints for DynamoDB, you do not need an Internet gateway or NAT gateway, so your VPC remains closed and isolated from the public Internet. Third, VPC endpoints offer simplified network configuration that removes the need for you to set up and maintain firewalls to keep your VPC secure from network attacks. Fourth, you can use IAM policies to allow DynamoDB access through VPC endpoints only from your corporate network, and only from specific applications.

VPC endpoints for DynamoDB is available in public preview in the following AWS regions:

  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • EU (Frankfurt)
  • South America (Sao Paulo)
  • US East (Ohio)
  • US West (N. California)

VPC Endpoints for DynamoDB will be available in other regions soon, with Northern Virginia coming in the next few weeks. You can sign up for public preview access here.