Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Configure DynamoDB Table Class for Cost Optimization

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: Medium (should be achieved)

Review Amazon DynamoDB tables based on the storage and throughput usage patterns and switch to DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class for cost optimization.

Cost
optimisation

If your DynamoDB tables primarily store data that is accessed infrequently, such as application logs, old social media posts, e-commerce order history, or past gaming achievements, then the DynamoDB Standard-IA table class is an ideal choice. This table class is designed to minimize storage costs while still providing reliable access to your DynamoDB data.


Audit

To determine the table class used by your Amazon DynamoDB tables, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon DynamoDB console available at https://console.aws.amazon.com/dynamodbv2/.

03 In the main navigation panel, under Dashboard, choose Tables.

04 Click on the name (link) of the Amazon DynamoDB table that you want to examine.

05 Select the Overview tab to access the configuration information available for the selected table.

06 In the General information section, click on the Additional info tab to show the additional information available for the table.

07 Check the Table class configuration attribute value listed under Additional info to determine the table class used for the selected DynamoDB resource. If the Table class value is set to DynamoDB Standard, the selected Amazon DynamoDB table is usind the DynamoDB Standard class (general-purpose table class) instead of the cost-optimized DynamoDB Standard-IA class.

08 Repeat steps no. 4 – 7 for each Amazon DynamoDB table available within the current AWS region.

09 Change the AWS cloud region from the navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run list-tables command (OSX/Linux/UNIX) with custom query filters to list the name of each Amazon DynamoDB table created in the selected AWS cloud region:

aws dynamodb list-tables
  --region us-east-1
  --output table
  --query 'TableNames'

02 The command output should return a table with the requested table name(s):

--------------------------
|       ListTables       |
+------------------------+
|  cc-product-reviews    |
|  cc-product-inventory  |
+------------------------+ 

03 Run describe-table command (OSX/Linux/UNIX) using the name of the Amazon DynamoDB table that you want to examine as the identifier parameter and custom query filters to return the table class used by the selected DynamoDB table:

aws dynamodb describe-table 
  --region us-east-1 
  --table-name cc-product-reviews 
  --query 'Table.TableClassSummary.TableClass'

04 The command output should return the requested configuration information:

"STANDARD"

If the describe-table command output returns "STANDARD", as shown in the output example above, the selected Amazon DynamoDB table is usind the DynamoDB Standard class (general-purpose table class) instead of the cost-optimized DynamoDB Standard-IA class (i.e. STANDARD_INFREQUENT_ACCESS).

05 Repeat steps no. 3 and 4 for each DynamoDB table available in the selected AWS region.

06 Change the AWS cloud region by updating the --regioncommand parameter value and repeat the Audit process for other regions.

Remediation / Resolution

To update the table class for your existing Amazon DynamoDB tables, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon DynamoDB console available at https://console.aws.amazon.com/dynamodbv2/.

03 In the main navigation panel, under Dashboard, choose Tables.

04 Click on the name (link) of the Amazon DynamoDB table that you want to configure. Review your table storage and throughput usage patterns before you update the table class in order to ensure that your application is not negatively affected by the slower data access latencies.

05 Choose Actions from the upper right menu, select Update table class, choose DynamoDB Standard-IA under Table class, then choose Save changes to apply the configuration changes. The time required to update your table class depends on your table traffic, storage size, etc. Your DynamoDB table can be accessed normally while the table class is updated.

06 Repeat steps no. 4 and 5 for each Amazon DynamoDB table that you want to configure, available in the current AWS region.

07 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run update-table command (OSX/Linux/UNIX) using the name of the Amazon DynamoDB table that you want to configure as the identifier parameter, to update the table class to DynamoDB Standard-IA class (i.e. STANDARD_INFREQUENT_ACCESS) for the selected DynamoDB table. Before you update the table class, review the table storage and throughput usage patterns. The review process is important to ensure that your application is not negatively affected by the slower data access latencies:

aws dynamodb update-table 
  --region us-east-1 
  --table-name cc-product-reviews 
  --table-class STANDARD_INFREQUENT_ACCESS

02 The command output should return the configuration information available for the selected table:

{
	"TableDescription": {
		"TableName": "cc-product-reviews",
		"TableStatus": "UPDATING",
		"CreationDateTime": "2024-01-05T11:14:28.373000+00:00",
		"ProvisionedThroughput": {
			"NumberOfDecreasesToday": 0,
			"ReadCapacityUnits": 0,
			"WriteCapacityUnits": 0
		},
		"TableSizeBytes": 520500,
		"ItemCount": 12,
		"TableArn": "arn:aws:dynamodb:us-east-1:123456789012:table/cc-product-reviews",
		"TableId": "ancd1234-abcd-1234-abcd-1234abcd1234",
		"BillingModeSummary": {
			"BillingMode": "PAY_PER_REQUEST",
			"LastUpdateToPayPerRequestDateTime": "2024-01-05T11:14:28.373000+00:00"
		},
		"TableClassSummary": {
			"TableClass": "STANDARD"
		},
		"DeletionProtectionEnabled": false
	}
}

03 Repeat steps no. 1 and 2 for each Amazon DynamoDB table that you want to configure, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other AWS regions.

References

Publication date Jan 11, 2024