Profile Applicability:

  • Level 1

Description:

Amazon DynamoDB is a fully managed NoSQL database service that automatically scales to handle variable workloads. DynamoDB supports auto scaling of provisioned capacity, which allows DynamoDB tables to automatically adjust their read and write capacity units based on traffic patterns and demand. This SOP ensures that DynamoDB tables are set up with auto scaling enabled to ensure that capacity automatically scales with demand, providing seamless performance and cost optimization.

Rationale:

  • Cost Optimization: Auto scaling adjusts the capacity of DynamoDB tables to ensure that you only pay for the resources you need based on actual demand, helping to avoid over-provisioning and under-provisioning.

  • Performance: Auto scaling ensures that your tables automatically handle variations in traffic without manual intervention, maintaining performance even during traffic spikes.

  • Operational Efficiency: Auto scaling reduces the need for manual intervention in adjusting capacity, allowing developers and administrators to focus on other tasks.

Impact:

Pros:

  • Cost-effective: Ensures you only pay for the capacity required by your workload, avoiding waste.

  • Seamless Scaling: Automatically adjusts capacity to handle demand, preventing performance issues during spikes.

  • Minimal Overhead: Eliminates the need for constant manual monitoring and capacity adjustments.

Cons:

  • Initial Setup: Requires configuration to enable auto scaling policies based on your workload's read and write capacity needs.

  • Limits: There are limits on the rate of scaling adjustments, which could affect handling extreme fluctuations in a very short period of time.

Default Value:

By default, auto scaling is not enabled for DynamoDB tables. Auto scaling must be explicitly configured to automatically adjust capacity based on workload demand.

Pre-requisite:

  • AWS IAM Permissions:

    • dynamodb:DescribeTable

    • dynamodb:UpdateTable

    • dynamodb:PutScalingPolicy

  • AWS CLI installed and configured.

  • DynamoDB Table created or in the process of being created.

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to DynamoDB under Services.

  3. In the DynamoDB Console, go to Tables and select the table you want to check.

  4. In the Table details section, under the Capacity tab, check if Auto Scaling is enabled for Read Capacity Units (RCU) and Write Capacity Units (WCU).

    • If enabled, it will show Auto Scaling with specific settings such as the target utilization and the minimum/maximum capacity limits.

    • If disabled, you can enable it through the Modify Table option.

Using AWS CLI:

  1. To check if auto scaling is enabled for a specific DynamoDB table, run:

    aws dynamodb describe-table --table-name <table-name> --query "Table.ProvisionedThroughput"

  2. To check the auto scaling configuration for the table, run:

    aws application-autoscaling describe-scalable-targets --service-namespace dynamodb --resource-id table/<table-name>

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console and navigate to DynamoDB.

  2. Go to Tables and select the table you want to modify.

  3. Under the Capacity tab, choose Modify Table.

  4. Enable Auto Scaling for both Read Capacity and Write Capacity.

    • Set the Target Utilization (the percentage of the provisioned capacity).

    • Define the Minimum Capacity and Maximum Capacity limits to prevent the table from scaling beyond a certain threshold.

  5. Save the changes to enable auto scaling.

Using AWS CLI:

  1. To enable auto scaling for a table’s read and write capacity, run:

    aws application-autoscaling register-scalable-target --service-namespace dynamodb --resource-id table/<table-name> --scalable-dimension dynamodb:table:ReadCapacityUnits --min-capacity 5 --max-capacity 50 --role-arn <role-arn>

  2. For write capacity, run:

    aws application-autoscaling register-scalable-target --service-namespace dynamodb --resource-id table/<table-name> --scalable-dimension dynamodb:table:WriteCapacityUnits --min-capacity 5 --max-capacity 50 --role-arn <role-arn>

  3. Verify the auto scaling policy by running:

    aws application-autoscaling describe-scalable-targets --service-namespace dynamodb --resource-id table/<table-name>

Backout Plan:

Using AWS Console:

  1. If Auto Scaling causes issues or needs to be reverted, sign in to the AWS Management Console.

  2. Navigate to DynamoDB, select the table, and go to Edit capacity.

  3. Disable Auto Scaling for the Read Capacity and Write Capacity settings, and manually configure the capacity units as needed.

  4. Save the changes and verify that Auto Scaling is disabled.

Using AWS CLI:

  1. To disable Auto Scaling, run the following command:

    aws application-autoscaling deregister-scalable-target --service-namespace dynamodb --resource-id table/<TABLE_NAME> --scalable-dimension dynamodb:table:ReadCapacityUnits --region <REGION>

  2. Similarly, disable Auto Scaling for Write Capacity:

    aws application-autoscaling deregister-scalable-target --service-namespace dynamodb --resource-id table/<TABLE_NAME> --scalable-dimension dynamodb:table:WriteCapacityUnits --region <REGION>

  3. Verify that Auto Scaling is disabled by describing the table:

    aws dynamodb describe-table --table-name <TABLE_NAME> --region <REGION>

References:

CIS Controls Mapping:

Version

Control ID

Control Description

IG1

IG2

IG3

v8

3.4

Encrypt Data on End-User Devices – Ensure data encryption during file system access.

v8

6.7

Implement Application Layer Filtering and Content Control – Ensure appropriate content filtering is applied to sensitive files.

v8

6.8

Define and Maintain Role-Based Access Control – Implement and manage role-based access for file systems.

v8

14.6

Protect Information Through Access Control Lists – Apply strict access control to file systems.