Requirements

Before deploying the Formal Connector with DynamoDB, ensure that you have created a DynamoDB Resource on Formal. This is a prerequisite for the deployment process.

Deployment

The Formal Connector can be deployed using the Formal Terraform Provider. This method allows for easy integration into your existing Terraform workflows and infrastructure as code practices.

Networking

To ensure seamless connectivity between your environment and the Formal Resources, certain ports must be accessible. Specifically, for DynamoDB access through the Connector, port 443 must be assigned and allowed through your security groups. A single Connector instance can listen on multiple ports simultaneously for various resources, providing flexibility in your deployment architecture.

Set up your connection details

To connect to your DynamoDB database through the Connector, follow these steps:
  1. Get your Formal username and access token from the Formal Dashboard and set them as AWS credentials:
    • AWS_ACCESS_KEY_ID: Formal Username
    • AWS_SECRET_ACCESS_KEY: Formal Access Token

Connecting to DynamoDB

Ensure that you have completed the setup of your connection details and credentials as described above. Then, connect to DynamoDB using your preferred client. Authentication will rely on the credentials obtained from the Formal control plane UI. Formal policies, if present, are enforced, and all data activity is logged to the log location configured in your Formal installation.

Code Samples for connecting through the Connector

The following code samples demonstrate how to connect to DynamoDB through the Formal Connector using NodeJS, Python, and Java. These examples showcase the configuration needed to route traffic through the Connector and utilize a custom certificate bundle for secure connections.
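
A Python sketch of that configuration, added here as an example and not Formal's own sample code: it checks the connection settings before building a boto3 DynamoDB client that targets the Connector and verifies TLS against a custom CA bundle. The variable names `FORMAL_CONNECTOR_ENDPOINT` and `FORMAL_CA_BUNDLE` and the default region are assumptions made for this example.

```python
import os
from urllib.parse import urlparse

# FORMAL_CONNECTOR_ENDPOINT and FORMAL_CA_BUNDLE are hypothetical names used
# only in this example; the two AWS_* variables are the ones the page sets.
REQUIRED = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY",
            "FORMAL_CONNECTOR_ENDPOINT", "FORMAL_CA_BUNDLE")


def connector_client_kwargs(env):
    """Validate settings and return boto3 client kwargs for the Connector."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        raise ValueError("missing settings: " + ", ".join(missing))

    url = urlparse(env["FORMAL_CONNECTOR_ENDPOINT"])
    # Refuse plaintext endpoints so requests and returned items stay encrypted.
    if url.scheme != "https" or not url.hostname:
        raise ValueError("Connector endpoint must be an https:// URL")

    bundle = env["FORMAL_CA_BUNDLE"]
    # Fail early instead of falling back to disabled certificate verification.
    if not os.path.isfile(bundle):
        raise ValueError("CA bundle not found: " + bundle)

    return {
        "endpoint_url": env["FORMAL_CONNECTOR_ENDPOINT"],
        "verify": bundle,  # path to the CA bundle, never False
        # boto3 needs a region to sign requests; this default is an assumption.
        "region_name": env.get("AWS_REGION", "us-east-1"),
        "aws_access_key_id": env["AWS_ACCESS_KEY_ID"],          # Formal username
        "aws_secret_access_key": env["AWS_SECRET_ACCESS_KEY"],  # Formal access token
    }


def make_client(env=os.environ):
    """Create a DynamoDB client whose traffic goes through the Connector."""
    import boto3  # imported lazily so the settings check runs without the SDK
    return boto3.client("dynamodb", **connector_client_kwargs(env))


if __name__ == "__main__":
    client = make_client()
    print(client.list_tables()["TableNames"])
```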

Policy Evaluation

Formal supports the following policy evaluation stages for DynamoDB:
  • Session: Evaluate and enforce policies at connection time
  • Pre-Request: Evaluate and enforce policies before request execution
  • Post-Request: Evaluate and enforce policies after data retrieval

Applications

Applications leveraging the AWS SDK can be modified to directly communicate with the Connector by following the examples provided. This allows for seamless integration of Formal’s security and compliance features into your existing DynamoDB workflows.

Note on other AWS SDKs

AWS offers SDKs for various programming languages. While this document provides examples for NodeJS, Python, and Java, the principles apply across all SDKs. If you require examples for a language not covered here, please refer to the AWS official documentation or contact Formal support for assistance.