01 First, you need to define the trust relationship policy for the required IAM service role. The IAM service role allows Auto Scaling to modify the provisioned throughput settings for your DynamoDB table as if you were modifying them yourself. To create the trust relationship policy for the role, paste the following information into a new policy document file named service-role-trust-policy.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "application-autoscaling.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
02 Run create-role command (OSX/Linux/UNIX) to create the necessary IAM service role using the trust relationship policy defined at the previous step (i.e. service-role-trust-policy.json):
aws iam create-role
--role-name cc-dynamodb-autoscale-role
--assume-role-policy-document file://service-role-trust-policy.json
03 The command output should return the IAM service role metadata:
{
"Role": {
"AssumeRolePolicyDocument": {
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "application-autoscaling.amazonaws.com"
}
}
]
},
"RoleId": "AAAAABBBBBCCCCCDDDDDD",
"CreateDate": "2017-11-10T17:15:18.926Z",
"RoleName": "cc-dynamodb-autoscale-role",
"Path": "/",
"Arn": "arn:aws:iam::123456789012:role/cc-dynamodb-autoscale-role"
}
}
04 Define the access policy for the newly created AWS IAM service role. To create the required access policy, paste the following information into a new JSON document named service-role-access-policy.json:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:DescribeTable",
"dynamodb:UpdateTable",
"cloudwatch:PutMetricAlarm",
"cloudwatch:DescribeAlarms",
"cloudwatch:GetMetricStatistics",
"cloudwatch:SetAlarmState",
"cloudwatch:DeleteAlarms"
],
"Resource": "*"
}
]
}
05 Run create-policy command (OSX/Linux/UNIX) to create the IAM service role policy using the document defined at the previous step, i.e. service-role-access-policy.json:
aws iam create-policy
--region us-east-1
--policy-name cc-dynamodb-autoscale-policy
--policy-document file://service-role-access-policy.json
06 The command output should return the command request metadata (including the access policy ARN):
{
"Policy": {
"PolicyName": "cc-dynamodb-autoscale-policy",
"CreateDate": "2017-11-10T17:16:30.926Z",
"AttachmentCount": 0,
"IsAttachable": true,
"PolicyId": "AAAABBBBCCCCCDDDDEEEE",
"DefaultVersionId": "v1",
"Path": "/",
"Arn": "arn:aws:iam::123456789012:policy/cc-dynamodb-autoscale-policy",
"UpdateDate": "2017-11-10T17:16:30.926Z"
}
}
07 Run attach-role-policy command (OSX/Linux/UNIX) to attach the access policy created at step no. 5, identified by the ARN "arn:aws:iam::123456789012:policy/cc-dynamodb-autoscale-policy", to the IAM service role created at step no. 2, named "cc-dynamodb-autoscale-role" (the command does not produce an output):
aws iam attach-role-policy
--region us-east-1
--role-name cc-dynamodb-autoscale-role
--policy-arn arn:aws:iam::123456789012:policy/cc-dynamodb-autoscale-policy
08 To continue the setup process, run register-scalable-target command (OSX/Linux/UNIX) to register the DynamoDB table's write capacity as a scalable target with Amazon Application Auto Scaling. The following Auto Scaling configuration allows the service to adjust the provisioned write capacity for "cc-customer-catalog" table within the range of 3 to 50 capacity units (the command does not return an output):
aws application-autoscaling register-scalable-target
--region us-east-1
--service-namespace dynamodb
--resource-id "table/cc-customer-catalog"
--scalable-dimension "dynamodb:table:WriteCapacityUnits"
--min-capacity 3
--max-capacity 50
--role-arn arn:aws:iam::123456789012:role/cc-dynamodb-autoscale-role
09 Define the policy for the scalable target created at the previous step. To create the required scaling policy, paste the following information into a new policy document named scaling-policy.json:
{
"PredefinedMetricSpecification": {
"PredefinedMetricType": "DynamoDBWriteCapacityUtilization"
},
"ScaleOutCooldown": 60,
"ScaleInCooldown": 60,
"TargetValue": 70.0
}
10 Execute put-scaling-policy command (OSX/Linux/UNIX) to attach the scaling policy defined at the previous step to the scalable target registered at step no. 8. The put-scaling-policy command request will also enable Application Auto Scaling to create two AWS CloudWatch alarms - one for the upper and one for the lower boundary of the scaling target range:
aws application-autoscaling put-scaling-policy
--region us-east-1
--service-namespace dynamodb
--resource-id "table/cc-customer-catalog"
--scalable-dimension "dynamodb:table:WriteCapacityUnits"
--policy-name "cc-scaling-policy"
--policy-type "TargetTrackingScaling"
--target-tracking-scaling-policy-configuration file://scaling-policy.json
11 The command output should return the request metadata, including information regarding the newly created Amazon CloudWatch alarms:
{
"Alarms": [
{
"AlarmName": "TargetTracking-table/cc-customer-catalog-ProvisionedCapacityHigh-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee",
"AlarmARN": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TargetTracking-table/cc-customer-catalog-ProvisionedCapacityHigh-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee"
},
{
"AlarmName": "TargetTracking-table/cc-customer-catalog-ProvisionedCapacityLow-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee",
"AlarmARN": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TargetTracking-table/cc-customer-catalog-ProvisionedCapacityLow-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee"
}
],
"PolicyARN": "arn:aws:autoscaling:us-east-1:123456789012:scalingPolicy:aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeee:resource/dynamodb/table/cc-customer-catalog:policyName/cc-scaling-policy"
}
12 Repeat steps no. 8 – 11 to enable and configure Auto Scaling for other Amazon DynamoDB tables provisioned within the current region.
13 Change the AWS region by updating the --region command parameter value and repeat the entire process for other regions.