Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Enable CloudWatch Contributor Insights

Trend Micro Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 750 automated best practice checks.

Risk Level: Medium (should be achieved)

Ensure that CloudWatch Contributor Insights monitoring feature is enabled for your Amazon DynamoDB tables. Amazon CloudWatch Contributor Insights for DynamoDB provides a quick and easy way to pinpoint the most frequently accessed and throttled keys in your tables or indexes. The feature uses CloudWatch Contributor Insights, a service designed for analyzing and identifying top contributors to operational issues in AWS cloud, facilitating faster troubleshooting and optimization.

Performance
efficiency
Operational
excellence

Enabling CloudWatch Contributor Insights for Amazon DynamoDB tables grants you visibility into the most accessed and throttled items within your DynamoDB tables and their indexes.

Audit

To determine if CloudWatch Contributor Insights is enabled for your DynamoDB tables, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon DynamoDB console available at https://console.aws.amazon.com/dynamodbv2/.

03 In the main navigation panel, under Dashboard, choose Tables.

04 Click on the name (link) of the Amazon DynamoDB table that you want to examine.

05 Select the Monitor tab to access the monitoring settings available for the selected table.

06 Click on the CloudWatch Contributor Insights for DynamoDB tab and check the feature status and data graphs. If there are no data graphs, instead the Turn on CloudWatch Contributor Insights button is available and the following message is displayed: CloudWatch Contributor Insights is not active, the CloudWatch Contributor Insights monitoring feature is not enabled for the selected Amazon DynamoDB table.

07 Repeat steps no. 4 – 6 for each Amazon DynamoDB table available within the current AWS region.

08 Change the AWS cloud region from the navigation bar and repeat the Audit process for other regions.

Using AWS CLI

01 Run list-tables command (OSX/Linux/UNIX) with custom query filters to list the name of each Amazon DynamoDB table created in the selected AWS cloud region: 

aws dynamodb list-tables
  --region us-east-1
  --output table
  --query 'TableNames'

02 The command output should return a table with the requested table name(s): 

--------------------------
|       ListTables       |
+------------------------+
|  cc-product-reviews    |
|  cc-product-inventory  |
+------------------------+

03 Run describe-contributor-insights command (OSX/Linux/UNIX) using the name of the Amazon DynamoDB table that you want to examine as the identifier parameter and custom query filters to return the CloudWatch Contributor Insights feature status for the selected table: 

aws dynamodb describe-contributor-insights 
  --region us-east-1 
  --table-name cc-product-reviews 
  --query 'ContributorInsightsStatus'

04 The command output should the feature status for the selected table: 

"DISABLED"

If the describe-contributor-insights command output returns "DISABLED", as shown in the output example above, the CloudWatch Contributor Insights monitoring feature is not enabled for the selected Amazon DynamoDB table.

05 Repeat steps no. 3 and 4 for each DynamoDB table available in the selected AWS region.

06 Change the AWS cloud region by updating the --regioncommand parameter value and repeat the Audit process for other regions.

Remediation / Resolution

To enable CloudWatch Contributor Insights feature for your existing Amazon DynamoDB tables, perform the following operations:

Using AWS Console

01 Sign in to the AWS Management Console.

02 Navigate to Amazon DynamoDB console available at https://console.aws.amazon.com/dynamodbv2/.

03 In the main navigation panel, under Dashboard, choose Tables.

04 Click on the name (link) of the Amazon DynamoDB table that you want to configure.

05 Select the Monitor tab to access the monitoring settings available for the selected table.

06 Click on the CloudWatch Contributor Insights for DynamoDB tab and choose Turn on CloudWatch Contributor Insights to initiate the setup process.

07 In the Manage CloudWatch Contributor Insights settings configuration box, click on the Turn on button for both the base table and the global secondary index (if there is one created), then choose Save changes to apply the configuration changes and enable the CloudWatch Contributor Insights feature. The Contributor Insights data graphs should be visible now on the CloudWatch Contributor Insights for DynamoDB tab.

08 Repeat steps no. 4 – 7 for each Amazon DynamoDB table that you want to configure, available in the current AWS region.

09 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.

Using AWS CLI

01 Run update-contributor-insights command (OSX/Linux/UNIX) using the name of the Amazon DynamoDB table that you want to configure as the identifier parameter, to enable the CloudWatch Contributor Insights feature for the selected DynamoDB table its global secondary index: 

aws dynamodb update-contributor-insights 
  --region us-east-1
  --table-name cc-product-reviews 
  --index-name cc-product-test-index 
  --contributor-insights-action=ENABLE

02 The command output should return the feature configuration information: 

{
	"TableName": "cc-product-reviews",
	"IndexName": "cc-product-test-index ",
	"ContributorInsightsStatus": "ENABLING"
}

03 Repeat steps no. 1 and 2 for each Amazon DynamoDB table that you want to configure, available in the selected AWS region.

04 Change the AWS cloud region by updating the --region command parameter value and repeat the Remediation process for other AWS regions.

References

Publication date Jan 11, 2024

Related DynamoDB rules

Unlock the Remediation Steps

Free 30-day Trial

Automatically audit your configurations with Conformity
and gain access to our cloud security platform.

Confirmity Cloud Platform

No thanks, back to article

You are auditing:

Enable CloudWatch Contributor Insights

Risk Level: Medium