By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

DynamoDB Security Controls

A collection of AWS Security controls for DynamoDB. Controls include IAM policies, CloudWatch events and alarms for monitoring as well as Config rules. Configuration templates are available in AWS CloudFormation, AWS CLI and Terraform

Backup

Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

CloudFormationTerraformAWS CLI
Logging & Monitoring

Configuration to enable AWS CloudTrail in an AWS account for logging DynamoDB Data Events. Data Events for Amazon DynamoDB record object-level API activity (for example, Query, PuItem, Scan, DeleteItem, GetItem, etc.)

CloudFormationTerraformAWS CLI
Config Rule

A config rule that checks whether Auto Scaling is enabled on your DynamoDB tables and/or global secondary indexes. Optionally you can set the read and write capacity units for the table or global secondary index.

CloudFormationTerraformAWS CLI

A config rule that checks whether the Amazon DynamoDB tables are encrypted and checks their status. The rule is COMPLIANT if the status is enabled or enabling.

CloudFormationTerraformAWS CLI

A config rule that checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account. By default, the rule checks if provisioned throughput exceeds a threshold of 80% of your account limits.

CloudFormationTerraformAWS CLI

A config rule that checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables. The rule is NON_COMPLIANT if point in time recovery is not enabled for Amazon DynamoDB tables.

CloudFormationTerraformAWS CLI

A config rule that checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS). The rule is NON_COMPLIANT if DynamoDB DynamoDB table is not encrypted with AWS KMS. The rule is also NON_COMPLIANT if the encrypted AWS KMS key is not present in kmsKeyArns input parameter.

CloudFormationTerraformAWS CLI

A config rule that checks that DynamoDB Accelerator (DAX) clusters are encrypted. The rule is NON_COMPLIANT if a DAX cluster is not encrypted.

CloudFormationTerraformAWS CLI

A Config rule that checks whether Amazon DynamoDB table is present in AWS Backup plans. The rule is NON_COMPLIANT if DynamoDB tables are not present in any AWS Backup plan.

CloudFormationTerraformAWS CLI
IAM Policy

A policy that allows full access to a DynamoDB table with the specified name. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

CloudFormationTerraformAWS CLI

A policy that allows access to the specific DynamoDB columns. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

CloudFormationTerraformAWS CLI

An IAM policy that grants permissions for the GetItem and BatchGetItem DynamoDB actions only and thereby sets read-only access to a table. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

CloudFormationTerraformAWS CLI

An IAM policy that grants permissions policy grants permissions for all of the DynamoDB actions on a specific table and all of the table's indexes. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

CloudFormationTerraformAWS CLI

An IAM policy that allows users to view reserved capacity offerings and current purchases using the AWS Management Console—but new purchases are denied. This policy provides the permissions necessary to complete this action using the AWS Console or AWS API/AWS CLI.

CloudFormationTerraformAWS CLI

An IAM policy that grants users permissions to access the streams on a DynamoDB table, but not to the table itself. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

CloudFormationTerraformAWS CLI
Filter by source
 
Backup
Logging & Monitoring
Config Rule
IAM Policy