Complete the code to specify the VPC endpoint type for private DynamoDB access.
aws ec2 create-vpc-endpoint --vpc-id vpc-123abc --service-name com.amazonaws.us-east-1.dynamodb --vpc-endpoint-type [1]
The correct VPC endpoint type for DynamoDB private access is Gateway. This allows routing traffic privately to DynamoDB without using the internet.
Complete the code to add a route to the route table for the DynamoDB VPC endpoint.
aws ec2 create-route --route-table-id rtb-456def --destination-prefix-list-id [1] --vpc-endpoint-id vpce-789ghi
The destination prefix list ID for DynamoDB in the region is pl-12345678. This ID represents the DynamoDB service prefix list for routing.
Fix the error in the command to describe the VPC endpoints filtering by service name.
aws ec2 describe-vpc-endpoints --filters Name=service-name,Values=[1]The full service name for DynamoDB VPC endpoint includes the region and prefix: com.amazonaws.us-east-1.dynamodb. Using only 'dynamodb' will not filter correctly.
Fill both blanks to create a policy that allows access to DynamoDB via the VPC endpoint.
{
"Statement": [{
"Effect": "Allow",
"Principal": "*",
"Action": "[1]",
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:SourceVpce": "[2]"
}
}
}]
}The action must be dynamodb:* to allow all DynamoDB actions. The condition key aws:SourceVpce requires the VPC endpoint ID, which is typically a string like 'vpce-xxxxxx'. Here, 'B' is a placeholder for the VPC endpoint ID.
Fill the blanks to create a DynamoDB client in Python that connects through the VPC endpoint.
import boto3 client = boto3.client('[1]', region_name='us-east-1') response = client.[2]()
The client service name is dynamodb. To list tables, the method is list_tables. For VPC Gateway endpoints with DynamoDB, boto3 automatically routes traffic privately through the endpoint based on VPC route tables; no custom endpoint_url is required.