AWS Introduction
AWS Pricing
AWS Threats
AWS Misconfigurations
- Getting Started with AWS Audit
- Permissions required for Misconfigurations Detection
- API Gateway Audit
- Cloudformation Audit
- CloudFront Audit
- CloudTrail Audit
- Cloudwatch Audit
- DynamoDB Audit
- EC2 Audit
- Elastic Search Audit
- ELB Audit
- IAM Audit
- KMS Audit
- Kubernetes Audit
- Lambda Audit
- RDS Audit
- Redshift Audit
- Route53 Audit
- S3 Audit
- Security Groups Audit
- SES Audit
- SNS Audit
- IAM Deep Dive
- App Sync Audit
- Code Build Audit
- Open Search Audit
- Shield Audit
- SQS Audit
DynamoDB Tables Should Have Autoscaling Enabled
More Info:
Amazon DynamoDB Auto Scaling feature should be enabled to dynamically adjust provisioned throughput (read and write) capacity for your tables and global secondary indexes. This can make it easier to administer your DynamoDB data, help you maximize your application availability and reduce your DynamoDB costs.
Risk Level
Low
Address
Reliability, Cost Optimization, Operational Maturity, Performance, Security
Compliance Standards
HIPAA, NIST, AWSWAF
Triage and Remediation
Remediation
To remediate the misconfiguration of DynamoDB tables not having autoscaling enabled in AWS using the AWS Management Console, follow these steps:
-
Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/console/) and log in to your AWS account.
-
Navigate to DynamoDB Service: Click on the “Services” at the top left corner of the console, then select “DynamoDB” under the Database category.
-
Select the Table: From the list of DynamoDB tables, select the table for which you want to enable autoscaling.
-
Modify Table: In the table details page, click on the “Capacity” tab.
-
Enable Autoscaling: Under the “Table settings” section, find the “Auto Scaling” option and click on the “Modify” button.
-
Configure Autoscaling: In the “Auto Scaling” section, you can configure the read and write capacity settings for autoscaling. You can choose to enable autoscaling for read capacity, write capacity, or both.
-
Set Capacity Limits: Set the minimum and maximum capacity units for the read and write capacity. You can also set the target utilization percentage for autoscaling.
-
Save Changes: Once you have configured the autoscaling settings, click on the “Save” button to apply the changes.
-
Verify Autoscaling: After saving the changes, DynamoDB will start autoscaling the read and write capacity based on the configured settings.
By following these steps, you can remediate the misconfiguration of DynamoDB tables not having autoscaling enabled in AWS using the AWS Management Console.
To remediate the misconfiguration of DynamoDB tables not having autoscaling enabled in AWS using AWS CLI, follow these steps:
- List all the DynamoDB tables in your AWS account to identify which tables do not have autoscaling enabled:
aws dynamodb list-tables
- For each table that does not have autoscaling enabled, update the table to enable autoscaling using the following command:
aws dynamodb update-table \
--table-name YOUR_TABLE_NAME \
--billing-mode PAY_PER_REQUEST \
--provisioned-throughput ReadCapacityAutoScalingSettings={MinimumCapacity=1,MaximumCapacity=100,AutoScalingDisabled=false,TargetTrackingScalingPolicy={TargetValue=70.0,PredefinedMetricSpecification={PredefinedMetricType=DynamoDBReadCapacityUtilization}}},WriteCapacityAutoScalingSettings={MinimumCapacity=1,MaximumCapacity=100,AutoScalingDisabled=false,TargetTrackingScalingPolicy={TargetValue=70.0,PredefinedMetricSpecification={PredefinedMetricType=DynamoDBWriteCapacityUtilization}}}
Replace YOUR_TABLE_NAME with the name of the DynamoDB table that you want to enable autoscaling for.
- Verify that autoscaling is enabled for the DynamoDB table by describing the table and checking the
BillingModeandProvisionedThroughputsettings:
aws dynamodb describe-table --table-name YOUR_TABLE_NAME
By following these steps, you can remediate the misconfiguration of DynamoDB tables not having autoscaling enabled in AWS using AWS CLI.
To remediate the misconfiguration of DynamoDB tables not having autoscaling enabled in AWS using Python, follow these steps:
- Import the necessary libraries:
import boto3
- Initialize the DynamoDB client:
dynamodb = boto3.client('dynamodb')
- List all the DynamoDB tables:
response = dynamodb.list_tables()
tables = response['TableNames']
- Enable autoscaling for each table:
for table_name in tables:
response = dynamodb.update_table(
TableName=table_name,
ProvisionedThroughput={
'ReadCapacityUnits': 5, # Set your desired read capacity units
'WriteCapacityUnits': 5 # Set your desired write capacity units
},
BillingMode='PROVISIONED', # Set the billing mode to PROVISIONED
GlobalSecondaryIndexUpdates=[
{
'Update': {
'IndexName': 'string',
'ProvisionedThroughput': {
'ReadCapacityUnits': 5, # Set your desired read capacity units
'WriteCapacityUnits': 5 # Set your desired write capacity units
}
}
},
],
StreamSpecification={
'StreamEnabled': False
},
SSESpecification={
'Enabled': False
},
TimeToLiveSpecification={
'Enabled': False
},
BillingMode='PAY_PER_REQUEST' # Set the billing mode to PAY_PER_REQUEST for autoscaling
)
-
Replace the placeholder values like
'ReadCapacityUnits': 5and'WriteCapacityUnits': 5with your desired values for read and write capacity units. -
Run the Python script to enable autoscaling for all DynamoDB tables.
By following these steps and running the Python script, you can remediate the misconfiguration of DynamoDB tables not having autoscaling enabled in AWS.