If you are using DynamoDB in your AWS environment, it is important that you ensure it meets your security requirements. DynamoDB is a fast and flexible NoSQL database service that supports both document and key-value store models. You can now reason on AMI attributes within the Dome9 Compliance Engine.

Some of the AMIs contain sensitive information that should not be made publicly available. With this support you can now verify whether the DynamoDb tables are encrypted. You can also enforce certain characteristics such as maximum table size, and max number of items in the table among many other attributes.

Below are a few queries that you could to analyze your DynamoDB instances in your infrastructure:

Examples

– Check that table is encrypted

DynamoDbTable should have encrypted=true

– Enforce maximum table size

DynamoDbTable should have tableSizeBytes<100

– Enforce number of items in table

DynamoDbTable should have itemCount<100