Customer KMS Keys for Encryption
Amazon DynamoDB tables allow Customer Master Keys (CMKs). DynamoDB supports to switch from AWS-owned CMKs to customer-managed CMKs managed using Amazon Key Management Service (KMS), without any code to encrypt the data.
VPC Endpoint Enabled
A VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you do not need an internet gateway, a NAT device, or a virtual private gateway in your VPC.
Amazon DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf, in response to actual traffic patterns. This enables a table or a global secondary index to increase its provisioned read and write capacity to handle sudden increases in traffic, without throttling.
Table Backup Enabled
DynamoDB table without backup can result in accidental data loss. Ensure that your AWS DynamoDB tables make use of Point-in-time Recovery (PITR) feature in order to automatically take continuous backups of your DynamoDB data.
AWS charges you for DynamoDB Read & Write capacity, regardless whether or not you use the provisioned capacity units for your tables.
Help Us Improve!
If you have any suggestions to improve this checklist, please let us know by filling out