I am using spring data for connectivity like below:

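```java
import com.amazonaws.auth.BasicAWSCredentials;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDB;
import com.amazonaws.services.dynamodbv2.AmazonDynamoDBClient;
import org.springframework.context.annotation.Bean;

@Bean
public AmazonDynamoDB amazonDynamoDB() {
    // Static credentials taken from the ACCESS_KEY / SECRET_KEY constants
    BasicAWSCredentials credentials = new BasicAWSCredentials(ACCESS_KEY, SECRET_KEY);
    final AmazonDynamoDBClient client = new AmazonDynamoDBClient(credentials);

    client.withEndpoint(END_POINT);
    //client.withRegion(Regions.AP_SOUTH_1);
    client.withRegion(Regions.US_WEST_2);
    return client;
}
```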

But I am facing `Caused by: org.apache.http.conn.ConnectTimeoutException: Connect to dynamodb.us-west-2.amazonaws.com:443`

From an EC2 instance in a public subnet it is working fine.

Please suggest how I can access DynamoDB from an EC2 instance in a private subnet.

1 Answer

You can't connect to DynamoDB or many other AWS services (SQS or SNS, for example) from an instance on a private subnet without a NAT Gateway or a NAT Instance.

NAT

You can use a NAT device to enable instances in a private subnet to connect to the Internet (for example, for software updates) or other AWS services, but prevent the Internet from initiating connections with the instances. A NAT device forwards traffic from the instances in the private subnet to the Internet or other AWS services, and then sends the response back to the instances. When traffic goes to the Internet, the source IP address is replaced with the NAT device’s address and similarly, when the response traffic goes to those instances, the NAT device translates the address back to those instances’ private IP addresses.

http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/vpc-nat.html

See also Why do we need private subnets in VPC?

Community
Michael - sqlbot
  • Can it be possible that I can access RDS service? Because I am able to access RDS service from a private subnet machine. – Anoop Singhal Oct 13 '16 at 10:33
  • Please suggest. – Anoop Singhal Oct 13 '16 at 10:34
  • Yes, @AnoopSinghal. RDS can be accessed from private instances without a NAT device, because RDS instances have Elastic Network Interfaces attached to them, and those interfaces are accessible from inside your VPC as long as the security groups permit it. This is different than DynamoDB. – Michael - sqlbot Oct 13 '16 at 20:31
  • I have associated a NAT device with the private subnet; still DynamoDB is not accessible. Please suggest. – Anoop Singhal Oct 14 '16 at 10:05
  • You'll need to verify that it is configured properly. You will have Internet access from your instance, if it is. For example, you will be able to `ping 8.8.8.8` successfully and `curl -v google.com`. Note that the NAT device is the target of the default (0.0.0.0/0) route of your private subnet, but the NAT device itself must be located on a *public* subnet. – Michael - sqlbot Oct 14 '16 at 10:11
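
The routing condition from the last comment (the private subnet's default route targets the NAT device, and the NAT device itself sits on a public subnet), as an added example that is not part of the original thread: Python that checks it over data shaped like `aws ec2 describe-route-tables` and `describe-nat-gateways` output. All IDs and sample data are constructed, the function names are hypothetical, and it covers NAT gateways only, not NAT instances.

```python
# Constructed sample data in the shape of `aws ec2 describe-route-tables`
# and `describe-nat-gateways` output; every ID here is made up.
ROUTE_TABLES = [
    {"RouteTableId": "rtb-private", "Associations": [{"SubnetId": "subnet-app"}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-1"}]},
    {"RouteTableId": "rtb-public", "Associations": [{"SubnetId": "subnet-dmz"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-1"}]},
    {"RouteTableId": "rtb-main", "Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]
GOOD_NAT = [{"NatGatewayId": "nat-1", "SubnetId": "subnet-dmz", "State": "available"}]
BAD_NAT = [{"NatGatewayId": "nat-1", "SubnetId": "subnet-app", "State": "available"}]

def table_for(subnet_id, route_tables):
    """Table explicitly associated with the subnet, else the VPC main table."""
    main = None
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId") == subnet_id:
                return rt
            if assoc.get("Main"):
                main = rt
    return main

def default_route(rt):
    """The 0.0.0.0/0 route of a table, or None if it has none."""
    routes = rt.get("Routes", []) if rt else []
    return next((r for r in routes if r.get("DestinationCidrBlock") == "0.0.0.0/0"), None)

def check_nat_path(subnet_id, route_tables, nat_gateways):
    """Return findings for a private subnet; an empty list means the path is sound."""
    route = default_route(table_for(subnet_id, route_tables))
    if route is None:
        return ["no 0.0.0.0/0 route, so public AWS endpoints are unreachable"]
    nat_id = route.get("NatGatewayId")
    nat = next((n for n in nat_gateways if n["NatGatewayId"] == nat_id), None)
    if nat is None:
        return ["default route does not target a known NAT gateway"]
    findings = []
    if nat.get("State") != "available":
        findings.append(f"{nat_id} is in state {nat.get('State')}")
    # The NAT gateway's own subnet must route 0.0.0.0/0 to an Internet gateway.
    uplink = default_route(table_for(nat["SubnetId"], route_tables))
    if uplink is None or not (uplink.get("GatewayId") or "").startswith("igw-"):
        findings.append(f"{nat_id} is in {nat['SubnetId']}, which is not a public subnet")
    return findings

if __name__ == "__main__":
    for label, nats in (("good", GOOD_NAT), ("bad", BAD_NAT)):
        print(label, check_nat_path("subnet-app", ROUTE_TABLES, nats))
```

`BAD_NAT` models the mistake the comment warns about: the NAT gateway placed in the private subnet it is meant to serve, so its own default route loops back to itself instead of reaching an Internet gateway.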