Multiple Applications and DynamoDB, Ideal way to configure?

Question

We are planning to use DynamoDB as noSQL database for different applications running in AWS, and are planning to use AWS Identity and Access Management (IAM) for connection to DynamoDB.

Normally you have one AWS account, and you can create new users per application and you can give them access to their respective tables in DynamoDB, to ensure they cannot access/modify other applications data.

My question is, can application use the same name table in DynamoDB? e.g. LOG, so each application has it's own LOG table in DynamoDB, but the data is not shared? (we can achieve this in SQL based databases by defining the schema for each application and creating user who have required access to it's schema)

Note: We are not planning to use different DynamoDB regions and like to know if it is possible using one region?

Answer 1

DynamoDB doesn't provide namespacing-levels such as Database and Schema like common SQL RDBMS, e.g. PostgreSQL, Oracle.

[hostname > ] database > schema > table

With DynamoDB its more like this

[aws-region > aws-account-id > ] table

So you have two choices of separating applications accessing DynamoDB:

1) Simply use table name prefixes to separate tables being application specific an use IAM to make sure 'App A' has only access to the tables it requires access to.

• Pro:
  • easy to use, only separate what needs to be separated
  • ability to share DynamoDB tables between apps if needed
• Con:
  • billing, reporting

or

2) Use separate AWS Accounts.

• Pro:
  • separate billing, usage statistics etc.
• Con:
  • can be annoying to administrate, e.g. login/logout of AWS Console

Note: In general, you should not hard-code DynamoDB table names in your application. Use some mapping of logical-table names to real-table names. e.g. some variable tableName_LOG = 'AppA_LOG'.