Skip to main content

Amazon DynamoDB Connections

TablePro supports Amazon DynamoDB, AWS’s fully managed NoSQL key-value and document database. Connect using IAM credentials, AWS profiles, or SSO. Browse tables, run PartiQL queries, inspect GSI/LSI indexes, and edit items directly in the data grid.

Quick Setup

Click New Connection, select DynamoDB, choose auth method (Access Key, AWS Profile, SSO), enter credentials and region. Plugin auto-installs or use Settings > Plugins > Browse > DynamoDB Driver.

Authentication Methods

Access Key + Secret Key: IAM credentials. Optional session token for temporary creds from STS. AWS Profile: Read from ~/.aws/credentials. Format: [profile_name] with aws_access_key_id, aws_secret_access_key, optional aws_session_token. AWS SSO: Use cached credentials from ~/.aws/cli/cache/. Run aws sso login --profile my-sso-profile before connecting. Credentials expire (re-login if auth fails).

Connection Settings

Required Fields

FieldDescription
NameConnection identifier
Auth MethodAccess Key + Secret Key, AWS Profile, or AWS SSO
RegionAWS region where your tables are located

Optional Fields

FieldDescription
Custom EndpointOverride the DynamoDB endpoint URL (for DynamoDB Local)

DynamoDB Local

Docker: docker run -p 8000:8000 amazon/dynamodb-local Config: Auth Method = Access Key, Access Key/Secret = any non-empty, Custom Endpoint = http://localhost:8000

Example Configurations

AWS Production: Standard Access Key method with credentials from IAM AWS Profile: Select profile from ~/.aws/credentials DynamoDB Local: Fake credentials (non-empty required), Custom Endpoint = http://localhost:8000

Features

Table Browsing: Sidebar lists all tables. Shows data (grid), structure (key schema with types S/N/B), indexes (primary, GSI, LSI), DDL (key schema, billing, throughput, count, size). Schemaless Discovery: Tables are schemaless. TablePro samples items to discover attributes, infers types by majority vote. Keys always first columns. PartiQL Queries (reference): 
-- Select items
SELECT * FROM "Users" WHERE userId = 'user123'

-- Insert an item
INSERT INTO "Users" VALUE {'userId': 'user456', 'name': 'Alice', 'age': 30}

-- Update an item
UPDATE "Users" SET name = 'Bob' WHERE userId = 'user123'

-- Delete an item
DELETE FROM "Users" WHERE userId = 'user123'

-- Query with conditions
SELECT * FROM "Orders"
WHERE customerId = 'cust001' AND orderDate BETWEEN '2024-01-01' AND '2024-12-31'
Table names in PartiQL must be quoted with double quotes: "TableName". String values use single quotes: 'value'.
Data Types: S (string), N (number), B (binary), BOOL, NULL, L (JSON array), M (JSON object), SS (string set), NS (number set), BS (binary set). Data Editing: Edit cells, insert rows, delete rows. Generates PartiQL: INSERT INTO "Table" VALUE { ... }, UPDATE "Table" SET attr = 'val' WHERE pk = 'pkVal', DELETE FROM "Table" WHERE pk = 'pkVal'. Keys cannot be modified (delete/re-insert). Smart Optimization: Partition key equality uses Query API (not Scan) for speed and lower read capacity. Capacity/Metrics: Billing mode (PAY_PER_REQUEST/PROVISIONED with RCU/WCU), approximate item count, table size, GSI/LSI details. Export: CSV, JSON, SQL, other formats.

IAM Permissions

The IAM user or role needs these permissions at minimum: 
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:ListTables",
        "dynamodb:DescribeTable",
        "dynamodb:Scan",
        "dynamodb:Query",
        "dynamodb:GetItem",
        "dynamodb:PutItem",
        "dynamodb:UpdateItem",
        "dynamodb:DeleteItem",
        "dynamodb:PartiQLSelect",
        "dynamodb:PartiQLInsert",
        "dynamodb:PartiQLUpdate",
        "dynamodb:PartiQLDelete"
      ],
      "Resource": "*"
    }
  ]
}
For read-only access, remove the write actions (PutItem, UpdateItem, DeleteItem, PartiQLInsert, PartiQLUpdate, PartiQLDelete).

Troubleshooting

Auth failed: Verify Access Key/Secret/profile/SSO credentials. For SSO, run aws sso login. For expired creds, refresh. Access denied: Check IAM permissions, verify resource ARNs, check SCP/permission boundaries. Region mismatch: Verify correct region selected. Tables are region-specific. Throughput exceeded: Wait and retry, switch to on-demand billing, use filters to reduce scans. Limitations: No persistent connections (independent HTTP requests), no schema editing (structure at creation), item counts updated ~6h, cursor-based pagination (scan to jump), no transactions in UI, no DAX/Global Tables, HTTPS only with SigV4.