Ensure DynamoDB table auto scaling is enabled to meet compliance standards.
Rule | DynamoDB table auto scaling should be enabled |
Framework | NIST Cybersecurity Framework (CSF) v1.1 |
Severity | ✔ High |
DynamoDB Table Auto Scaling for NIST Cybersecurity Framework (CSF) v1
Description:
Enabling DynamoDB table auto scaling ensures that your DynamoDB tables can automatically adjust their provisioned capacity in response to changes in workload, allowing your applications to handle traffic spikes and meet performance requirements efficiently. This rule is aligned with the NIST Cybersecurity Framework (CSF) v1, which emphasizes the need for adaptive capacity management to address varying workload demands.
Steps to Enable Auto Scaling for DynamoDB Tables:
Identify the DynamoDB table(s) that require auto scaling based on workload demands.
Ensure that you have the necessary permissions to enable auto scaling for DynamoDB tables. The minimum required permission is "dynamodb:UpdateTable".
Verify if your DynamoDB table(s) have a single partition key or a composite key structure. This information is vital to determine the auto scaling configuration.
Determine the desired read and write capacity units required for your DynamoDB table(s). These values should be based on your expected workload and performance requirements.
Use the following AWS CLI command to enable auto scaling for a DynamoDB table, replacing
<table-name>
with the actual table name:aws dynamodb update-table --table-name <table-name> --provisioned-throughput AutoScalingSettingsUpdate={MinimumUnits=<min-capacity>,MaximumUnits=<max-capacity>,AutoScalingDisabled=false,AutoScalingRoleArn=<iam-role-arn>}
<min-capacity>
: Set the minimum provisioned capacity units your table should be scaled down to.<max-capacity>
: Set the maximum provisioned capacity units your table should be scaled up to.<iam-role-arn>
: Provide the ARN of the IAM role that has permissions to manage DynamoDB auto scaling.Repeat Step 5 for each DynamoDB table that requires auto scaling.
Monitor the DynamoDB table(s) to ensure that auto scaling is effectively adjusting provisioned capacity according to workload demands.
Troubleshooting:
Conclusion:
Enabling auto scaling for DynamoDB tables aligns with the NIST Cybersecurity Framework v1 by allowing adaptive capacity management. By automatically adjusting provisioned capacity, your DynamoDB tables can efficiently handle varying workload demands while ensuring optimal performance.