feat(doc): add documentation for dynamodb (#1236)

Signed-off-by: Petu Eusebiu <peusebiu@cisco.com>

examples/README.md

@@ -305,12 +305,42 @@ In order to test the Metrics feature locally in a [Kind](https://kind.sigs.k8s.i
 ## Storage Drivers
 
 Beside filesystem storage backend, zot also supports S3 storage backend, check below url to see how to configure it:
-- [s3](https://github.com/docker/docker.github.io/blob/master/registry/storage-drivers/s3.md): A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
+- [s3 config](https://github.com/docker/docker.github.io/blob/master/registry/storage-drivers/s3.md): A driver storing objects in an Amazon Simple Storage Service (S3) bucket.
 
 For an s3 zot configuration with multiple storage drivers see: [s3-config](config-s3.json).
 
 zot also supports different storage drivers for each subpath.
 
+### S3 permissions scopes
+
+The following AWS policy is required by zot for push and pull. Make sure to replace S3_BUCKET_NAME with the name of your bucket.
+
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:ListBucket",
+        "s3:GetBucketLocation",
+        "s3:ListBucketMultipartUploads"
+      ],
+      "Resource": "arn:aws:s3:::S3_BUCKET_NAME"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "s3:PutObject",
+        "s3:GetObject",
+        "s3:DeleteObject",
+        "s3:ListMultipartUploadParts",
+        "s3:AbortMultipartUpload"
+      ],
+      "Resource": "arn:aws:s3:::S3_BUCKET_NAME/*"
+    }
+  ]
+}
+
 ### Specifying S3 credentials
 
 - Config file: 
@@ -372,7 +402,74 @@ AWS_PROFILE=test-account
 
 For more details see https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
 
+## Cache drivers
 
+zot supports two types of cache drivers: boltdb which is local and dynamodb which is remote.
+They are used when dedupe is enabled to store duplicate blobs.
+
+### BoltDB
+
+Like s3 configuration, if you don't specify a cache driver it will default to 'boltdb' and it wil be stored in zot's root directory or subpath root directory
+```
+  "storage": {
+    "rootDirectory": "/tmp/zot",
+    "dedupe": true
+  }
+```
+boltdb can be found at /tmp/zot/cache.db
+
+### DynamoDB
+
+To set up a zot with dedupe enabled and dynamodb as a cache driver, "cacheDriver" field should be included under 'storage'
+```
+    "storage": {
+        "rootDirectory": "/tmp/zot",
+        "dedupe": true,
+        "remoteCache": true,
+        "cacheDriver": {
+            "name": "dynamodb",  // driver name
+            "endpoint": "http://localhost:4566", // aws endpoint
+            "region": "us-east-2" // aws region
+            "cacheTablename": "ZotBlobTable" // table used to store deduped blobs
+
+        }
+    },
+```
+Like s3 configuration AWS GO SDK will load additional config and credentials values from the environment variables, shared credentials, and shared configuration files
+
+Additionally if search extension is enabled, additional parameters are needed:
+
+```
+        "cacheDriver": {
+            "name": "dynamodb",
+            "endpoint": "http://localhost:4566",
+            "region": "us-east-2",
+            "cacheTablename": "ZotBlobTable",
+            // used by search extensions
+            "repoMetaTablename": "ZotRepoMetadataTable",
+            "manifestDataTablename": "ZotManifestDataTable",
+            "versionTablename": "ZotVersion"
+        }
+```
+
+### DynamoDB permission scopes
+The following AWS policy is required by zot for caching blobs. Make sure to replace DYNAMODB_TABLE with the name of your table which in our case is the value of "cacheTablename" (ZotBlobTable)
+
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": [
+        "dynamodb:CreateTable",
+        "dynamodb:GetItem",
+        "dynamodb:UpdateItem",
+        "dynamodb:DeleteItem"
+      ],
+      "Resource": "arn:aws:dynamodb:*:*:table/DYNAMODB_TABLE"
+    }
+  ]
+}
 
 ## Sync