An increasingly popular database choice amongst security teams is AWS DynamoDB. The key-value storage, simplicity, scalability and security offered by DynamoDB make it suitable for the kinds of data storage tasks common in security operations and incident response, especially for teams that already use AWS.

In this post we’ll explore how security teams can use DynamoDB in their automation stories.

Authenticating to AWS DynamoDB from Tines

To begin integrating Tines with AWS DynamoDB, we first need to create a credential. In your AWS console, create an IAM user with the appropriate permissions to perform actions in DynamoDB. Take the access key and access secret for the user and enter them into a new Tines AWS mode credential.

Next, specify a name for the credential and choose the AWS region you will be working with. Finally, under service name enter ‘dynamodb’.

When finished your Tines AWS credential should look like the below:

Creating a Tines AWS credential

Using the AWS Credential

AWS credentials work a little differently to the other credential modes in Tines. When an HTTP Request Agent runs with an AWS mode credential included in a header called “Authorization”, Tines will use the AWS Signature Version 4 Signing Process and include the corresponding auth headers in the request before submitting it to AWS.
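The Signature Version 4 computation for a DynamoDB call can be reproduced with the Python standard library. This is an added example, not Tines' code or part of the original post; the function name, access key and secret are constructed placeholders, and the request is a DynamoDB ListTables call.

```python
import hashlib
import hmac
from datetime import datetime, timezone

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def sign_dynamodb_request(access_key, secret_key, region, target, body, now=None):
    """Return SigV4-signed headers for a POST to the DynamoDB JSON API.
    Hypothetical helper written for this example."""
    now = now or datetime.now(timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date_stamp = now.strftime("%Y%m%d")
    headers = {
        "content-type": "application/x-amz-json-1.0",
        "host": f"dynamodb.{region}.amazonaws.com",
        "x-amz-date": amz_date,
        "x-amz-target": target,  # e.g. DynamoDB_20120810.ListTables
    }
    names = sorted(headers)
    signed_headers = ";".join(names)
    canonical_headers = "".join(f"{n}:{headers[n]}\n" for n in names)
    # 1. Canonical request: method, path, empty query string, headers,
    #    signed header list, SHA-256 of the body.
    canonical_request = "\n".join([
        "POST", "/", "", canonical_headers, signed_headers,
        hashlib.sha256(body.encode()).hexdigest(),
    ])
    # 2. String to sign binds the request hash to timestamp and scope.
    scope = f"{date_stamp}/{region}/dynamodb/aws4_request"
    string_to_sign = "\n".join([
        "AWS4-HMAC-SHA256", amz_date, scope,
        hashlib.sha256(canonical_request.encode()).hexdigest(),
    ])
    # 3. Signing key is derived per day, region and service, so the
    #    long-term secret itself is never sent in the request.
    key = _hmac(("AWS4" + secret_key).encode(), date_stamp)
    for part in (region, "dynamodb", "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, string_to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed_headers}, Signature={signature}"
    )
    return headers

if __name__ == "__main__":
    # Constructed placeholder credentials, not real keys.
    for k, v in sign_dynamodb_request("AKIDEXAMPLE", "constructed-secret",
                                      "us-east-1", "DynamoDB_20120810.ListTables", "{}").items():
        print(f"{k}: {v}")
```

Because the body hash and timestamp are both covered by the signature, a request altered in transit or replayed outside the validity window fails verification on the AWS side.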

For example, the below HTTP Request agent uses an AWS mode credential (aws_cloudtrail) to list cloudtrails in the us-east-1 region.

When this agent runs, the request will be signed and will be converted to the following before being sent to AWS:

DynamoDB Tines Agents

Tines can perform all available DynamoDB actions. The following agent examples cover a selection of the most common.

List Amazon AWS DynamoDB Tables

Scan an Amazon AWS DynamoDB table with a filter

Scan an Amazon AWS DynamoDB Table

Delete an Amazon AWS DynamoDB table

Create an Amazon AWS DynamoDB Table

Add an item to Amazon AWS DynamoDB table

Get an item from an Amazon AWS DynamoDB table

Delete an item from an Amazon AWS DynamoDB table

Summary

By including DynamoDB actions in Tines automation stories, security teams can quickly and reliably fetch and store important data, allowing them to enrich security incidents and make better decisions around incident investigation and remediation.

For more information on how Tines can automate interaction with DynamoDB and other AWS services, contact us here.