🛡️ AWS DynamoDB Provisioned Table Auto Scaling is not configured🟢

Contextual name: 🛡️ Provisioned Table Auto Scaling is not configured🟢
ID: /ce/ca/aws/dynamodb/table-auto-scaling
Tags:
- 🟢 Policy with categories
- 🟢 Policy with type
- 🟢 Production policy
Policy Type: COMPLIANCE_POLICY
Policy Categories: SECURITY

Logic

🧠 prod.logic.yaml🟢
- 📗 AWS DynamoDB Table
- 🔌 AWS DynamoDB Table - object.extracts.yaml
- 🧪 test-data.json

Similar Policies

AWS Security Hub: [DynamoDB.1] DynamoDB tables should automatically scale capacity with demand
Internal: dec-x-17b4855f

Similar Internal Rules

Rule	Policies	Flags
✉️ dec-x-17b4855f	1

Description

Open File

Description

This policy checks that Amazon DynamoDB tables configured with provisioned throughput mode have Auto Scaling enabled.

Rationale

DynamoDB Auto Scaling automates the management of throughput capacity for tables. It dynamically adjusts provisioned read and write capacity in response to actual traffic patterns. This helps maintain application performance by preventing request throttling while reducing costs by automatically decreasing capacity for idle workloads.

Impact

Without Auto Scaling, DynamoDB tables are at risk of being either over-provisioned, leading to unnecessary costs, or under-provisioned, resulting in throttled requests, increased latency, and potential service disruptions.

Audit

This policy marks an AWS DynamoDB Table as INCOMPLIANT if it is in Provisioned mode but does not have a related AWS App AutoScaling Scalable Target record in the CMDB.

Table configured with On-Demand capacity mode is flagged as INAPPLICABLE.

Remediation

Open File

Remediation

From Command Line

Option 1: Enable Auto Scaling for Provisioned Mode

Register a Scalable Target

Use the following command to register a scalable target for the specified read or write capacity of your DynamoDB table:
aws application-autoscaling register-scalable-target \
    --service-namespace dynamodb \
    --resource-id "table/{{dynamodb-table-name}}" \
    --scalable-dimension "{{dynamodb:table:WriteCapacityUnits/ReadCapacityUnits}}" \
    --min-capacity 5 \
    --max-capacity 10
Define a Scaling Policy

Create a JSON file named {{scaling-policy}}.json that defines the target tracking scaling policy. The policy configuration should include:

PredefinedMetricSpecification - Specifies the predefined metric to be tracked. The valid values include:

DynamoDBReadCapacityUtilization

DynamoDBWriteCapacityUtilization

ScaleOutCooldown - Cooldown period (in seconds) to wait after a scale-out event.

ScaleInCooldown - Cooldown period (in seconds) to wait after a scale-in event.

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Compliance
💼 AWS Foundational Security Best Practices v1.0.0 → 💼 [DynamoDB.1] DynamoDB tables should automatically scale capacity with demand		1	1	no data
💼 Cloudaware Framework → 💼 Resource Optimization			24	no data
💼 Cloudaware Framework → 💼 Workload Efficiency			24	no data
💼 FedRAMP High Security Controls → 💼 CP-2(2) Capacity Planning (H)			3	no data
💼 FedRAMP High Security Controls → 💼 CP-6(2) Recovery Time and Recovery Point Objectives (H)			12	no data
💼 FedRAMP High Security Controls → 💼 CP-10 System Recovery and Reconstitution (L)(M)(H)	2		12	no data
💼 FedRAMP Low Security Controls → 💼 CP-10 System Recovery and Reconstitution (L)(M)(H)			12	no data
💼 FedRAMP Moderate Security Controls → 💼 CP-10 System Recovery and Reconstitution (L)(M)(H)	1		12	no data
💼 NIST CSF v2.0 → 💼 PR.IR-03: Mechanisms are implemented to achieve resilience requirements in normal and adverse situations			15	no data
💼 NIST CSF v2.0 → 💼 RC.RP-01: The recovery portion of the incident response plan is executed once initiated from the incident response process			12	no data
💼 NIST CSF v2.0 → 💼 RC.RP-02: Recovery actions are selected, scoped, prioritized, and performed			12	no data
💼 NIST CSF v2.0 → 💼 RC.RP-05: The integrity of restored assets is verified, systems and services are restored, and normal operating status is confirmed			12	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-2(2) Contingency Plan _ Capacity Planning			3	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-6(2) Alternate Storage Site _ Recovery Time and Recovery Point Objectives			12	no data
💼 NIST SP 800-53 Revision 5 → 💼 CP-10 System Recovery and Reconstitution	6		12	no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-5(2) Denial-of-service Protection _ Capacity, Bandwidth, and Redundancy			11	no data
💼 NIST SP 800-53 Revision 5 → 💼 SC-36 Distributed Processing and Storage	2		6	no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-13(5) Predictable Failure Prevention _ Failover Capability			11	no data

Logic​

Similar Policies​

Similar Internal Rules​

Description​

Description​

Rationale​

Impact​

Audit​

Remediation​

Remediation​

From Command Line​

Option 1: Enable Auto Scaling for Provisioned Mode​

Register a Scalable Target​

Define a Scaling Policy​

policy.yaml​

Linked Framework Sections​

Logic

Similar Policies

Similar Internal Rules

Description

Description

Rationale

Impact

Audit

Remediation

Remediation

From Command Line

Option 1: Enable Auto Scaling for Provisioned Mode

Register a Scalable Target

Define a Scaling Policy

policy.yaml

Linked Framework Sections