AWS Profiles

Dynomate is designed to work seamlessly with your existing AWS configuration, including AWS profiles and SSO sessions. This guide explains how to configure and manage your AWS profiles for use with Dynomate.

Configuring AWS Profiles

Dynomate reads your AWS profiles directly from the standard AWS configuration files:

~/.aws/credentials - Contains your AWS access keys
~/.aws/config - Contains profile configurations, including SSO settings

If you already have AWS profiles configured for use with the AWS CLI or SDK, Dynomate will automatically detect and use them.

Example AWS Configuration

~/.aws/credentials

[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[development]
aws_access_key_id = AKIAI44QH8DHBEXAMPLE
aws_secret_access_key = je7MtGbClwBF/2Zp9Utk/h3yCo8nvbEXAMPLEKEY

[production]
# This profile uses SSO, so no access keys here

~/.aws/config

[default]
region = us-west-2
output = json

[profile development]
region = us-east-1
output = json

[profile production]
sso_start_url = https://your-company.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = SSODeveloperRole
region = us-east-1
output = json

Security Note

Dynomate never stores or transmits your AWS credentials. All connections are made directly from your machine to AWS using your local profile information.

AWS SSO Integration

Dynomate supports AWS Single Sign-On (SSO) profiles out of the box. When you select an SSO profile, Dynomate will:

Check if you have an active SSO session
Use the existing session if available
Prompt you to authenticate via the AWS SSO login page if needed

Pro Tip: SSO Session Status

You can check your SSO session status in Dynomate by looking at the profile indicator in the top-right corner. A green indicator means you have an active session, while yellow means your session may be expiring soon.

Configuring an AWS SSO Profile

If you haven't set up an AWS SSO profile yet, you can add one to your ~/.aws/config file:

~/.aws/config (AWS SSO example)

[profile my-sso-profile]
sso_start_url = https://your-company.awsapps.com/start
sso_region = us-east-1
sso_account_id = 123456789012
sso_role_name = YourSSORole
region = us-west-2
output = json

You can also use the AWS CLI to set up a profile:

Setting up SSO with AWS CLI

aws configure sso
SSO start URL [None]: https://your-company.awsapps.com/start
SSO region [None]: us-east-1
...

Using Multiple Profiles

Dynomate makes it easy to work with multiple AWS profiles simultaneously:

Open Multiple Tabs

Click the + button in the tab bar to open a new tab. Each tab can use a different AWS profile and region.

Select Different Profiles

In each tab, use the profile selector in the top-right corner to choose a different AWS profile.

Save Tab Configuration

Dynomate remembers your tab setup, so you can quickly switch between different environments without reconfiguring each time.

Organizing by Environment

A common practice is to set up separate tabs for each environment: development, staging, and production. This helps avoid accidentally running queries against the wrong environment.

Switching Regions

Each AWS profile can access resources in any region, regardless of the default region specified in your config file:

Select your AWS profile from the profile selector
Click the region selector (next to the profile selector)
Choose the AWS region where your DynamoDB tables are located

Dynomate will remember your region selection for each profile, so you don't need to select it again when you switch back to that profile.

Region-Specific Resources

Remember that DynamoDB tables are region-specific. If you don't see your table, make sure you're connected to the correct AWS region.

Troubleshooting

Profile Not Showing Up

If your AWS profile isn't appearing in Dynomate:

Verify that your profile is correctly configured in ~/.aws/config and/or ~/.aws/credentials
For SSO profiles, make sure the profile name in ~/.aws/config starts with "profile " (e.g., [profile my-sso])
Restart Dynomate to refresh the profile list

SSO Authentication Issues

If you're having trouble with SSO authentication:

Try authenticating with the AWS CLI first: aws sso login --profile your-profile-name
Verify that your SSO session is still valid (they typically expire after 8-12 hours)
Check that your sso_start_url, sso_region, sso_account_id, and sso_role_name are correct

Access Denied Errors

If you receive access denied errors:

Verify that your IAM user or role has the necessary permissions to access DynamoDB
For SSO users, make sure you've selected the correct SSO role with DynamoDB permissions
Check if your permissions are limited to specific tables or actions

The minimum IAM permissions needed for basic Dynomate functionality are:

Minimum IAM Permissions

{ 
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "dynamodb:ListTables",
        "dynamodb:DescribeTable",
        "dynamodb:Scan",
        "dynamodb:Query",
        "dynamodb:GetItem"
      ],
      "Resource": "*"
    }
  ]
}

Need More Help?

If you're still experiencing issues with AWS profiles in Dynomate, please contact our support team at support@dynomate.io with details about your configuration and the error messages you're seeing.