What is the best way to monitor DynamoDB events?

Hello,

Our app teams use DynamoDB heavily and I was asked to make sure that DynamoDB tables are monitored in case of any security incidents. What is the best way to accomplish this?

1 Answer


There are two types of events for DynamoDB: Management and Data events. Management events are things like creating/deleting a DynamoDB table, creating/deleting DynamoDB backups, or modifying a table's settings. These events are captured by default when you have CloudTrail enabled (and for all tables in the account).

Data events capture events like adding, updating or deleting items in a DynamoDB table. CloudTrail can log data events, but it is not enabled by default, as it can become expensive to monitor depending on how active a table is. You can also selectively enable data event monitoring on specific DynamoDB tables only (or on all tables in the account/region).

I would recommend enabling data events on tables that might host some sensitive data, and you can then create some alarms/reports based on things like access from suspicious IPs or anomalous access.

More details can be found here: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/logging-using-cloudtrail.html

You can use the following templates for configuring CloudTrail and CloudTrail DynamoDB event logging:

https://asecure.cloud/a/CloudTrail/
https://asecure.cloud/a/CloudTrail_DataEventsDynamoDB/

Hope this helps!
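As an added illustration of the "alarms/reports" idea in the answer above (this is example code, not part of the original post or of the linked templates), the script below triages CloudTrail records for DynamoDB once data events are enabled. It separates Management from Data events using CloudTrail's `eventCategory` field, flags destructive management calls, flags data-plane access to a sensitive table from an IP outside a trusted range, and flags repeated `Scan` calls by the same principal against the same table. The trusted CIDR, the set of sensitive tables, the scan threshold and the sample records are all constructed assumptions for the example; a real deployment would read records from the trail's S3 bucket or CloudWatch Logs.

```python
"""Triage CloudTrail records for DynamoDB (added example, constructed data)."""
import json
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions for this example: the VPC/corporate range app workloads call
# from, and the tables the team treats as sensitive. Both are placeholders.
TRUSTED_NETWORKS = [ip_network("10.0.0.0/8")]
SENSITIVE_TABLES = {"Customers"}

# Management events that change or destroy a table or backup.
DESTRUCTIVE_MANAGEMENT = {"DeleteTable", "UpdateTable", "DeleteBackup"}
# Data events that read a whole table; repeated use is a bulk-read indicator.
BULK_READ_EVENTS = {"Scan"}

# Constructed CloudTrail-style records (not real logs). Only the fields the
# triage below uses are included.
def _rec(category, name, ip, arn, table, when):
    return {
        "eventTime": when,
        "eventSource": "dynamodb.amazonaws.com",
        "eventCategory": category,
        "eventName": name,
        "sourceIPAddress": ip,
        "userIdentity": {"arn": arn},
        "requestParameters": {"tableName": table},
    }

APP_ROLE = "arn:aws:sts::111122223333:assumed-role/AppRole/app"   # placeholder
ETL_ROLE = "arn:aws:sts::111122223333:assumed-role/EtlRole/batch" # placeholder

SAMPLE_RECORDS = [
    _rec("Management", "CreateTable", "10.0.1.5", APP_ROLE, "Customers", "2024-01-01T10:00:00Z"),
    _rec("Data", "PutItem", "10.0.1.5", APP_ROLE, "Customers", "2024-01-01T10:01:00Z"),
    _rec("Data", "GetItem", "198.51.100.23", APP_ROLE, "Customers", "2024-01-01T10:02:00Z"),
    _rec("Data", "Scan", "10.0.2.9", ETL_ROLE, "Customers", "2024-01-01T10:03:00Z"),
    _rec("Data", "Scan", "10.0.2.9", ETL_ROLE, "Customers", "2024-01-01T10:03:05Z"),
    _rec("Data", "Scan", "10.0.2.9", ETL_ROLE, "Customers", "2024-01-01T10:03:10Z"),
    _rec("Management", "DeleteTable", "10.0.1.5", APP_ROLE, "Customers", "2024-01-01T10:04:00Z"),
    # A non-DynamoDB record, to show that the filter ignores other services.
    {"eventSource": "s3.amazonaws.com", "eventCategory": "Data", "eventName": "GetObject"},
]


def load_records(text):
    """Parse one CloudTrail log file ({"Records": [...]}) into a list of records."""
    return json.loads(text).get("Records", [])


def is_trusted_ip(source):
    """sourceIPAddress is an IP for API callers, or an AWS service name
    (e.g. 'cloudformation.amazonaws.com') when AWS acts on your behalf;
    the latter is not a network client, so it is not treated as untrusted."""
    try:
        addr = ip_address(source)
    except ValueError:
        return True
    return any(addr in net for net in TRUSTED_NETWORKS)


def triage(records, max_scans=2):
    """Return a list of findings (dicts with a 'rule' key) in record order."""
    findings = []
    scans = Counter()  # (principal, table) -> number of Scan calls seen
    for rec in records:
        if rec.get("eventSource") != "dynamodb.amazonaws.com":
            continue
        name = rec.get("eventName")
        table = (rec.get("requestParameters") or {}).get("tableName")
        principal = (rec.get("userIdentity") or {}).get("arn")
        ip = rec.get("sourceIPAddress", "")
        base = {"eventName": name, "table": table, "principal": principal,
                "sourceIPAddress": ip, "eventTime": rec.get("eventTime")}
        category = rec.get("eventCategory")
        if category == "Management" and name in DESTRUCTIVE_MANAGEMENT:
            findings.append({"rule": "destructive-management", **base})
        elif category == "Data":
            if table in SENSITIVE_TABLES and not is_trusted_ip(ip):
                findings.append({"rule": "untrusted-source", **base})
            if name in BULK_READ_EVENTS:
                key = (principal, table)
                scans[key] += 1
                # Emit once, when the threshold is first exceeded.
                if scans[key] == max_scans + 1:
                    findings.append({"rule": "bulk-read", "count": scans[key], **base})
    return findings


if __name__ == "__main__":
    for f in triage(load_records(json.dumps({"Records": SAMPLE_RECORDS}))):
        print(json.dumps(f))
```

Running the script on the constructed records yields three findings: the `GetItem` from 198.51.100.23, the third `Scan` by the ETL role, and the `DeleteTable`. The same logic maps onto a CloudWatch Logs metric filter or an EventBridge rule once the trail delivers events there; the point is that data events make the first two findings possible, while the `DeleteTable` finding is available from management events alone.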
