Introduction to DynamoDB
DynamoDB is a fast and flexible NoSQL database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed database and supports both document and key-value data models. Its flexible data model and reliable performance make it a great fit for mobile, web, gaming, Ad-Tech, IoT and many other applications.
- Stored on SSD storage
- Spread across 3 geographically distinct data centers
- Choice of 2 consistency models
  - Eventually Consistent Reads (Default)
  - Strongly Consistent Reads
Eventually Consistent Reads
Consistency across all copies of data is usually reached within a second. Repeating a read after a short time should return the updated data. (Best Read Performance)
Strongly Consistent Reads
A strongly consistent read returns a result that reflects all writes that received a successful response prior to the read.
Architecture
- Tables
- Items (Think of a row of data in a table)
- Attributes (Think of a column of data in a table)
- Supports key-value and document data structures
- Key = The name of the data, Value = the data itself
- Documents can be written in JSON, HTML, or XML
DynamoDB - Primary Keys
- DynamoDB stores and retrieves data based on a Primary Key
- 2 types of Primary Key
  - Partition Key - Unique attribute (e.g. user ID, product ID, e-mail address, etc.)
    - Value of the Partition Key is input to an internal hash function, which determines the partition or physical location on which the data is stored.
    - If you are using the Partition Key as your Primary Key, then no two items can have the same Partition Key.
  - Composite Key - Made up of a combination of Partition Key and a Sort Key
    - For example, consider a user posting multiple times to a forum.
    - The Primary Key would be a Composite Key consisting of:
      - Partition Key - UserID
      - Sort Key - Timestamp of the post
    - Two items may have the same Partition Key, but they must have a different Sort Key
    - All Items with the same Partition Key are stored together, then sorted according to the Sort Key value.
    - Allows you to store multiple items with the same Partition Key
Example - Students Table
In the first example, the UniqueID is the Partition Key.
{
  "UniqueID": 1975,
  "FirstName": "Allan",
  "Surname": "Brown",
  "Phone": "555-2323"
}
In the second example, the UniqueID is the Partition Key and the CourseName is the Sort Key.
{
  "UniqueID": 1976,
  "FirstName": "Riad",
  "Surname": "Ramanov",
  "CourseName": "AWS_Developer_Associate",
  "Address": {
    "Number": "5",
    "Street": "River Road"
  }
}
DynamoDB Access Control
- Authentication and access control are managed using IAM
- You can create an IAM user within your AWS account that has specific permissions to access and create DynamoDB tables.
- You can create an IAM role, which enables you to obtain temporary access keys, which can be used to access DynamoDB.
- You can also use a special IAM Condition to restrict user access to only their own records.
DynamoDB - IAM Conditions Example
Imagine a mobile gaming application with millions of users:
- Users need to access the high scores for each game they are playing.
- Access must be restricted to ensure they cannot view anyone else's data.
In the example below, Camilla is the UserID value that identifies the user and on which data retrieval is restricted.
{
  "UserID": "Camilla",
  "GameTitle": "Frogger",
  "TopScore": 12550
}
We can achieve this by adding a Condition to an IAM Policy to allow access only to items where the Partition Key value matches their UserID.
{
  "Sid": "AllowAccessToOnlyItemsMatchingUserID",
  "Effect": "Allow",
  "Action": [
    "dynamodb:GetItem",
    "dynamodb:PutItem",
    "dynamodb:UpdateItem"
  ],
  "Resource": [
    "arn:aws:dynamodb:eu-west-1:123456789012:table/HighScores"
  ],
  "Condition": {
    "ForAllValues:StringEquals": {
      "dynamodb:LeadingKeys": [
        "${www.mygame.com:user_id}"
      ],
      "dynamodb:Attributes": [
        "UserID",
        "GameTitle",
        "TopScore"
      ]
    }
  }
}
The properties are as follows:
- Sid (Statement Identifier) - Gives the statement a unique identifying name within the policy.
- Action - Defines the actions that the policy allows.
- Condition - Allows users to access only the items where the Partition Key value matches their user ID.
- dynamodb:Attributes - Defines the item attributes that the policy applies to.
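The condition check described above, as an added example that is not part of the original notes: a simplified Python model (not AWS's policy engine) of how the `ForAllValues:StringEquals` condition treats requests. The function names, the user `Diego`, the `Email` attribute and all sample requests are constructed, and attribute names are spelled as in the sample item (`UserID`).

```python
# Added example: simplified model of the statement's condition check, not AWS's policy engine.
VAR = "${www.mygame.com:user_id}"
STATEMENT = {
    "Action": ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem"],
    "Condition": {"ForAllValues:StringEquals": {
        "dynamodb:LeadingKeys": [VAR],
        "dynamodb:Attributes": ["UserID", "GameTitle", "TopScore"],
    }},
}

def for_all_values_string_equals(requested, allowed):
    """Every requested value must equal (case-sensitively) one allowed value.
    IAM documents that ForAllValues is also true when the key is absent or empty."""
    return all(value in allowed for value in (requested or []))

def is_allowed(statement, user_id, action, context):
    """True if this Allow statement matches; otherwise the request is implicitly denied."""
    # IAM action names are matched case-insensitively.
    if action.lower() not in [a.lower() for a in statement["Action"]]:
        return False
    for key, allowed in statement["Condition"]["ForAllValues:StringEquals"].items():
        resolved = [v.replace(VAR, user_id) for v in allowed]  # policy variable substitution
        if not for_all_values_string_equals(context.get(key), resolved):
            return False
    return True

def run_samples():
    """Evaluate constructed requests made by the federated user 'Camilla'."""
    own = {"dynamodb:LeadingKeys": ["Camilla"], "dynamodb:Attributes": ["GameTitle", "TopScore"]}
    other = dict(own, **{"dynamodb:LeadingKeys": ["Diego"]})
    extra_attr = dict(own, **{"dynamodb:Attributes": ["TopScore", "Email"]})
    wrong_case = dict(own, **{"dynamodb:Attributes": ["UserId"]})
    # Modelling assumption: a Scan names no partition key, so LeadingKeys is absent.
    scan_ctx = {"dynamodb:Attributes": ["GameTitle", "TopScore"]}
    with_scan = dict(STATEMENT, Action=STATEMENT["Action"] + ["dynamodb:Scan"])
    return {
        "own item": is_allowed(STATEMENT, "Camilla", "dynamodb:GetItem", own),
        "other user's item": is_allowed(STATEMENT, "Camilla", "dynamodb:GetItem", other),
        "unlisted attribute": is_allowed(STATEMENT, "Camilla", "dynamodb:GetItem", extra_attr),
        "attribute case mismatch": is_allowed(STATEMENT, "Camilla", "dynamodb:GetItem", wrong_case),
        "Scan, as written": is_allowed(STATEMENT, "Camilla", "dynamodb:Scan", scan_ctx),
        "Scan, if added to Action": is_allowed(with_scan, "Camilla", "dynamodb:Scan", scan_ctx),
    }

if __name__ == "__main__":
    for name, allowed in run_samples().items():
        print(f"{name:26} -> {'Allow' if allowed else 'implicit deny'}")
```

The last case shows why the action list stays limited to item-level operations: `ForAllValues` is true when a request carries no `dynamodb:LeadingKeys` value, so a `Scan` would not be restricted by this condition.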