Vendor services misconfigurations

DynamoDB table auto scaling is disabled

Platform(s)
Compliance Frameworks
  • AWS Foundational Security Best Practices Controls
  • Brazilian General Data Protection (LGPD)
  • CCM-CSA
  • CCPA
  • CPRA
  • GDPR
  • HITRUST
  • iso_27001_2022
  • iso_27002_2022
  • New Zealand Information Security Manual
  • NIST 800-171
  • NIST 800-53
  • PDPA
  • pipeda
  • UK Cyber Essentials

Description

Amazon DynamoDB auto scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on the customer's behalf, in response to actual traffic patterns. This allows a table or global secondary index to increase its provisioned read and write capacity to handle spikes in traffic without throttling. When the workload decreases, Application Auto Scaling reduces throughput so the customer doesn't have to pay for unused provisioned capacity. This mode is called provisioned mode; the other mode is on-demand mode, in which the customer pays for the actual reads and writes that occur on the DynamoDB table. We have found that the DynamoDB table is in provisioned mode and auto scaling for capacity is not enabled. In this case the capacity won't match real-time demand, which can cause insufficient capacity or much higher costs.
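One way to express this check in code, as an added example that is not the vendor's own detection logic: it evaluates dictionaries shaped like the DynamoDB `DescribeTable` and Application Auto Scaling `DescribeScalableTargets` responses, and goes slightly beyond the finding by also covering global secondary indexes. The table names and sample data are constructed.

```python
# Added example: offline check over constructed responses shaped like
# DynamoDB DescribeTable and Application Auto Scaling DescribeScalableTargets.

def required_targets(table):
    """(ResourceId, ScalableDimension) pairs that auto scaling should cover."""
    name = table["TableName"]
    pairs = [(f"table/{name}", f"dynamodb:table:{d}CapacityUnits")
             for d in ("Read", "Write")]
    for gsi in table.get("GlobalSecondaryIndexes", []):
        rid = f"table/{name}/index/{gsi['IndexName']}"
        pairs += [(rid, f"dynamodb:index:{d}CapacityUnits")
                  for d in ("Read", "Write")]
    return pairs

def missing_autoscaling(table, scalable_targets):
    """Return uncovered (ResourceId, dimension) pairs; [] means compliant."""
    # Assumption: a response without BillingModeSummary describes a
    # provisioned table, so the default here is PROVISIONED.
    mode = table.get("BillingModeSummary", {}).get("BillingMode", "PROVISIONED")
    if mode == "PAY_PER_REQUEST":
        return []  # on-demand tables have no provisioned capacity to scale
    registered = {(t["ResourceId"], t["ScalableDimension"])
                  for t in scalable_targets
                  if t.get("ServiceNamespace") == "dynamodb"}
    return [p for p in required_targets(table) if p not in registered]

# Constructed sample data (not from a real account).
ORDERS = {"TableName": "orders",
          "GlobalSecondaryIndexes": [{"IndexName": "by-customer"}]}
EVENTS = {"TableName": "events",
          "BillingModeSummary": {"BillingMode": "PAY_PER_REQUEST"}}
TARGETS = [
    {"ServiceNamespace": "dynamodb", "ResourceId": "table/orders",
     "ScalableDimension": "dynamodb:table:ReadCapacityUnits"},
    {"ServiceNamespace": "dynamodb", "ResourceId": "table/orders",
     "ScalableDimension": "dynamodb:table:WriteCapacityUnits"},
]

if __name__ == "__main__":
    for tbl in (ORDERS, EVENTS):
        gaps = missing_autoscaling(tbl, TARGETS)
        print(tbl["TableName"], "OK" if not gaps else f"FINDING: {gaps}")
```

Against a live account, the two inputs would come from `describe_table` and `describe_scalable_targets(ServiceNamespace="dynamodb")` in boto3.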