Fortinet black logo

AWS Administration Guide

Setting up the DynamoDB table

Copy Link
Copy Doc ID 9e3b59dc-ba0b-11e9-a989-00505692583a:423844
Download PDF

Setting up the DynamoDB table

One DynamoDB table with the stream feature enabled is required to store records of malicious IP addresses from GuardDuty findings. DynamoDB tables and Lambda functions are region-specific so you must create the table and the Lambda function in the same AWS region. A DynamoDB trigger on this table is created to cause the Lambda function to execute. Since the Lambda function has not been created yet, instructions to create the trigger are provided later in Setting up the DynamoDB stream trigger.

  1. Create the DynamoDB table. In this example, the table is named my-aws-lambda-guardduty-db.
    1. For the primary key, do the following:
      1. Input the value finding_id. This value is case-sensitive.
      2. From the data type dropdown list, select String.
    2. Add a sort key:
      1. Input the value ip. This value is case-sensitive.
      2. From the data type dropdown list, select String.
    3. Check used default settings for Table settings.
    4. Click Create.
  2. Enable the Stream feature on the table.
    1. On the Overview tab, click Manage Stream, select Keys only, then click Enable to save.
    2. Write down the Latest stream ARN. This ARN is used in the IAM policy creation step.

Setting up the DynamoDB table

One DynamoDB table with the stream feature enabled is required to store records of malicious IP addresses from GuardDuty findings. DynamoDB tables and Lambda functions are region-specific so you must create the table and the Lambda function in the same AWS region. A DynamoDB trigger on this table is created to cause the Lambda function to execute. Since the Lambda function has not been created yet, instructions to create the trigger are provided later in Setting up the DynamoDB stream trigger.

  1. Create the DynamoDB table. In this example, the table is named my-aws-lambda-guardduty-db.
    1. For the primary key, do the following:
      1. Input the value finding_id. This value is case-sensitive.
      2. From the data type dropdown list, select String.
    2. Add a sort key:
      1. Input the value ip. This value is case-sensitive.
      2. From the data type dropdown list, select String.
    3. Check used default settings for Table settings.
    4. Click Create.
  2. Enable the Stream feature on the table.
    1. On the Overview tab, click Manage Stream, select Keys only, then click Enable to save.
    2. Write down the Latest stream ARN. This ARN is used in the IAM policy creation step.