Best practice rules for Amazon DynamoDB
Amazon DynamoDB is a fully managed NoSQL database service that scales. It provides fast and predictable performance. DynamoDB can handle any amount of data and load.
Trend Micro Cloud One™ – Conformity monitors Amazon DynamoDB with the following rules:
- Configure DynamoDB Table Class for Cost Optimization
Use Amazon DynamoDB Standard-IA table class for cost optimization.
- DynamoDB Backup and Restore
Ensure on-demand backup and restore functionality is in use for AWS DynamoDB tables.
- DynamoDB Continuous Backups
Enable DynamoDB Continuous Backups
- Enable CloudWatch Contributor Insights
Ensure that CloudWatch Contributor Insights is enabled for Amazon DynamoDB tables.
- Enable Deletion Protection
Ensure that Deletion Protection feature is enabled for your Amazon DynamoDB tables.
- Enable Encryption at Rest with Amazon KMS Keys
Use KMS keys for encryption at rest in Amazon DynamoDB.
- Enable Time To Live (TTL)
Ensure that Time To Live (TTL) is enabled for your Amazon DynamoDB tables.
- Log DynamoDB Changes using Kinesis Data Streams
Ensure that Amazon DynamoDB changes are logged using Kinesis Data Streams.
- Sufficient Backup Retention Period
Ensure that DynamoDB tables have a sufficient backup retention period configured for compliance purposes.
- Unused Table
Identify and remove any unused AWS DynamoDB tables to optimize AWS costs.