Configuration to create AWS Backup plans and vaults. AWS Backup automates the process of backing up of data across AWS services including EFS, DynamoDB, EC2, EBS, Aurora, RDS, and Storage Gateway, as well as setting custom retention policies, access policies, and encryption

Configuration to enable AWS CloudTrail in an AWS account for logging DynamoDB Data Events. Data Events for Amazon DynamoDB record object-level API activity (for example, Query, PuItem, Scan, DeleteItem, GetItem, etc.)

A config rule that checks whether Auto Scaling is enabled on your DynamoDB tables and/or global secondary indexes. Optionally you can set the read and write capacity units for the table or global secondary index.

A config rule that checks whether the Amazon DynamoDB tables are encrypted and checks their status. The rule is COMPLIANT if the status is enabled or enabling.

A config rule that checks whether provisioned DynamoDB throughput is approaching the maximum limit for your account. By default, the rule checks if provisioned throughput exceeds a threshold of 80% of your account limits.

A config rule that checks that point in time recovery (PITR) is enabled for Amazon DynamoDB tables. The rule is NON_COMPLIANT if point in time recovery is not enabled for Amazon DynamoDB tables.

A config rule that checks whether Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS). The rule is NON_COMPLIANT if DynamoDB DynamoDB table is not encrypted with AWS KMS. The rule is also NON_COMPLIANT if the encrypted AWS KMS key is not present in kmsKeyArns input parameter.

A config rule that checks that DynamoDB Accelerator (DAX) clusters are encrypted. The rule is NON_COMPLIANT if a DAX cluster is not encrypted.

A Config rule that checks whether Amazon DynamoDB table is present in AWS Backup plans. The rule is NON_COMPLIANT if DynamoDB tables are not present in any AWS Backup plan.

Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period. The rule is NON_COMPLIANT if the DynamoDB Table does not have a corresponding recovery point created within the specified time period.

Checks if Amazon DynamoDB tables are protected by a backup plan. The rule is NON_COMPLIANT if the DynamoDB Table is not covered by a backup plan.

A policy that allows full access to a DynamoDB table with the specified name. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

A policy that allows access to the specific DynamoDB columns. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

An IAM policy that grants permissions for the GetItem and BatchGetItem DynamoDB actions only and thereby sets read-only access to a table. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

An IAM policy that grants permissions policy grants permissions for all of the DynamoDB actions on a specific table and all of the table's indexes. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.

An IAM policy that allows users to view reserved capacity offerings and current purchases using the AWS Management Console—but new purchases are denied. This policy provides the permissions necessary to complete this action using the AWS Console or AWS API/AWS CLI.

An IAM policy that grants users permissions to access the streams on a DynamoDB table, but not to the table itself. This policy provides the permissions necessary to complete this action using the AWS API or AWS CLI only.