4
votes

I'm setting up a new AWS Fargate task to query Dynamodb. The task is not public, so it doesn't have a public IP address and the subnet in which the task is placed doesn't have access to the Internet. The Dynamodb table I'm trying to query uses the KMS encryption type.

I created:

  • a VPC endpoint gateway to allow the subnet to connect to Amazon Dynamodb
  • a VPC endpoint interface to allow the subnet to connect to AWS Secret Manager

I also updated the task's IAM role to be able to access the Dynamodb and the AWS Secret services.

The route tables associated with my VPC are shown in the attached screenshot (image: Route tables) and, unfortunately, I can't update the table. If I click on Edit routes and Add route, it says: "No results found".

I'm trying to execute these lines of code:

import boto3

session = boto3.Session()
dynamodb_client = session.client(service_name='dynamodb', region_name='us-east-1')
response = dynamodb_client.get_item(
    TableName='table_name', ConsistentRead=True, Key={'key': {'S': 'key'}})
print(response.get('Item'))

I expect that the output is a dictionary containing the information fetched from Dynamodb. I can't fetch any type of data from Dynamodb because when I execute the query, the task is interrupted and AWS Fargate starts a new one. I tried to download something from my S3 bucket and it's working (I also created the VPC endpoint gateway to allow the subnet to connect to AWS S3 and I updated the task's IAM role). I think that it's a problem of VPC endpoints but I don't know which other endpoints I need.

What am I doing wrong?

Can you show your route tables configuration? – jogold
What do you mean by interrupted? It seems your container is essential and it exits. What's the container's status reason? docs.aws.amazon.com/AmazonECS/latest/userguide/… – Zdenek F
@jogold I've updated the question with the route tables – chicco.caste21
@ZdenekF, unfortunately, I don't have any feedback on why the task is stopped and relaunched. Practically, the Elastic Load Balancer can't reach the task, it marks the task as out of service and it starts another one – chicco.caste21
@jogold thanks to you I discovered my issue. I didn't update the route table of the VPC endpoint gateway that I created for the Dynamodb service and it was not associated with my VPC. I'm making some tests but it's working. – chicco.caste21

1 Answer

1
votes

I found the solution thanks to a StackOverflow user's comment. I don't know why, when I created the VPC Endpoint Gateway to connect to Dynamodb, AWS didn't automatically update my route tables.

It's a VPC Endpoint Gateway, so you have to be sure that the traffic to Dynamodb is routed to the gateway you created (with a VPC Endpoint Interface you don't have to update route tables, because you set the subnets in which it's available).

Your route tables should look like this: (screenshot of the route tables)
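The check the answer describes can be done programmatically, which is useful before a private task first runs. The script below is an added example, not code from the question or the answer: it takes the dict shapes returned by boto3's ec2.describe_route_tables()['RouteTables'] and ec2.describe_vpc_endpoints()['VpcEndpoints'], works out which route table governs each task subnet (explicit association, otherwise the VPC's main table), and reports the subnets whose table has no active prefix-list route pointing at the gateway endpoint. It runs offline on the constructed sample data embedded below and applies equally to an S3 gateway endpoint; every vpce-/rtb-/subnet-/pl- identifier is constructed.

```python
"""Verify that a VPC gateway endpoint (DynamoDB or S3) is reachable from a
set of subnets: each subnet's effective route table must carry an active
route whose destination is the service prefix list and whose target is the
endpoint. Added example; all identifiers below are constructed."""
from typing import Dict, List, Optional, Set

# --- Constructed sample: subnet-a is routed to the endpoint, subnet-b is not.
SAMPLE_ENDPOINT = {
    "VpcEndpointId": "vpce-0example",
    "VpcEndpointType": "Gateway",
    "ServiceName": "com.amazonaws.us-east-1.dynamodb",
    "RouteTableIds": ["rtb-private"],   # tables the endpoint is associated with
}
SAMPLE_ROUTE_TABLES = [
    {   # main table: only the local route, so any subnet that falls back to
        # it has no path to DynamoDB (the situation described in the question)
        "RouteTableId": "rtb-main",
        "Associations": [{"Main": True}],
        "Routes": [{"DestinationCidrBlock": "10.0.0.0/16",
                    "GatewayId": "local", "State": "active"}],
    },
    {   # explicitly associated table that carries the prefix-list route
        "RouteTableId": "rtb-private",
        "Associations": [{"Main": False, "SubnetId": "subnet-a"}],
        "Routes": [
            {"DestinationCidrBlock": "10.0.0.0/16",
             "GatewayId": "local", "State": "active"},
            {"DestinationPrefixListId": "pl-0example",
             "GatewayId": "vpce-0example", "State": "active"},
        ],
    },
]
SAMPLE_TASK_SUBNETS = ["subnet-a", "subnet-b"]


def route_tables_for_subnets(route_tables: List[dict],
                             subnet_ids: List[str]) -> Dict[str, Optional[str]]:
    """Map each subnet to the route table that governs it. A subnet with no
    explicit association is governed by the VPC's main route table."""
    main_rtb: Optional[str] = None
    explicit: Dict[str, str] = {}
    for rtb in route_tables:
        for assoc in rtb.get("Associations", []):
            if assoc.get("Main"):
                main_rtb = rtb["RouteTableId"]
            elif "SubnetId" in assoc:
                explicit[assoc["SubnetId"]] = rtb["RouteTableId"]
    return {s: explicit.get(s, main_rtb) for s in subnet_ids}


def tables_routing_to_endpoint(route_tables: List[dict], endpoint: dict) -> Set[str]:
    """Route tables holding an active 'prefix list -> this endpoint' route.
    These are the routes AWS manages for a gateway endpoint's associated tables."""
    vpce_id = endpoint["VpcEndpointId"]
    routed: Set[str] = set()
    for rtb in route_tables:
        for route in rtb.get("Routes", []):
            if (route.get("GatewayId") == vpce_id
                    and route.get("DestinationPrefixListId")
                    and route.get("State", "active") == "active"):
                routed.add(rtb["RouteTableId"])
    return routed


def subnets_missing_endpoint_route(route_tables: List[dict], endpoint: dict,
                                   subnet_ids: List[str]) -> List[str]:
    """Subnets whose effective route table has no route to the endpoint."""
    governing = route_tables_for_subnets(route_tables, subnet_ids)
    routed = tables_routing_to_endpoint(route_tables, endpoint)
    return sorted(s for s, rtb in governing.items() if rtb not in routed)


def route_tables_to_attach(route_tables: List[dict], endpoint: dict,
                           subnet_ids: List[str]) -> List[str]:
    """Route tables that must be added to the endpoint so every subnet is covered."""
    governing = route_tables_for_subnets(route_tables, subnet_ids)
    routed = tables_routing_to_endpoint(route_tables, endpoint)
    return sorted({rtb for rtb in governing.values() if rtb and rtb not in routed})


def main() -> None:
    missing = subnets_missing_endpoint_route(
        SAMPLE_ROUTE_TABLES, SAMPLE_ENDPOINT, SAMPLE_TASK_SUBNETS)
    if not missing:
        print("every task subnet routes to", SAMPLE_ENDPOINT["ServiceName"])
        return
    print("no route to", SAMPLE_ENDPOINT["ServiceName"], "from:", ", ".join(missing))
    print("attach these route tables to the endpoint:",
          ", ".join(route_tables_to_attach(
              SAMPLE_ROUTE_TABLES, SAMPLE_ENDPOINT, SAMPLE_TASK_SUBNETS)))


if __name__ == "__main__":
    main()
```

Against live data the same functions take `ec2.describe_route_tables(Filters=[{"Name": "vpc-id", "Values": [vpc_id]}])["RouteTables"]` and the matching entry from `ec2.describe_vpc_endpoints()["VpcEndpoints"]`; the tables returned by `route_tables_to_attach` are what you pass as `AddRouteTableIds` to `ec2.modify_vpc_endpoint`, after which AWS inserts the prefix-list route itself. Checking for the route in the table, rather than trusting the endpoint's `RouteTableIds` list alone, also catches a route that exists but is in the blackhole state.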