The Amazon DynamoDB security scan on Vectrix detects a variety of DynamoDB security issues in a connected AWS account that could be leaving you vulnerable or non-compliant. This includes unrestricted endpoints, insecure network ACLs, unused gateways, and other security issues.
Scan on demand to detect active DynamoDB security issues in your connected AWS account.
Monitor continuously to get alerted about new DynamoDB security issues in the future.
Don't know how Amazon DynamoDB works? Read more below.
What this scan detects
Disabled table backups
Having automated DynamoDB table backups disabled could be problematic: if a table is deleted, whether intentionally or unintentionally, users can be left without a way to restore the information stored in the table.
Deletion of a table backup
Deletion of a DynamoDB table backup could be problematic as it is a potential warning sign of unauthorized activity in your AWS account. Use Monitoring to receive this finding.
Unencrypted AWS DAX clusters
Unencrypted DAX (DynamoDB Accelerator) clusters can be problematic as they not only present the risk of compliance violations, but also leave data stored in the cluster at greater risk of leakage in the event of a security incident, like a data breach.
Disabled table encryption with AWS-managed CMKs
Tables that are not encrypted using AWS-managed CMKs (Customer Master Keys) can be problematic as they not only present the risk of compliance violations, but also carry a greater chance of an incident arising from the internal use and maintenance of customer-managed CMKs.
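
The four checks above can be evaluated against the shapes of the AWS API responses and CloudTrail records involved. This is an added example, not Vectrix's code: it runs offline over constructed responses and assumes that "automated backups" means point-in-time recovery. The finding labels and sample resource names are hypothetical.

```python
# Added example; every resource name and response below is constructed.

def table_findings(table, backups, key_manager=None):
    """table: DescribeTable 'Table'; backups: DescribeContinuousBackups
    'ContinuousBackupsDescription'; key_manager: KeyManager from KMS
    DescribeKey for the table's key ('AWS' or 'CUSTOMER'), if any."""
    findings = []
    # Assumption: "automated backups" is read as point-in-time recovery.
    pitr = backups.get("PointInTimeRecoveryDescription", {})
    if pitr.get("PointInTimeRecoveryStatus") != "ENABLED":
        findings.append("disabled-table-backups")
    # A table on the default AWS owned key has no SSEDescription at all.
    sse = table.get("SSEDescription", {})
    on_kms = sse.get("Status") == "ENABLED" and sse.get("SSEType") == "KMS"
    if not (on_kms and key_manager == "AWS"):
        findings.append("no-aws-managed-cmk")
    return findings

def dax_findings(cluster):
    """cluster: one entry of DAX DescribeClusters 'Clusters'."""
    status = cluster.get("SSEDescription", {}).get("Status")
    return [] if status == "ENABLED" else ["unencrypted-dax-cluster"]

def backup_deletions(records):
    """records: CloudTrail 'Records'; returns the DeleteBackup calls."""
    return [r for r in records
            if r.get("eventSource") == "dynamodb.amazonaws.com"
            and r.get("eventName") == "DeleteBackup"]

# Constructed inputs.
ORDERS = {"TableName": "orders"}  # default AWS owned key
ORDERS_BACKUPS = {"PointInTimeRecoveryDescription":
                  {"PointInTimeRecoveryStatus": "DISABLED"}}
USERS = {"TableName": "users",
         "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS"}}
USERS_BACKUPS = {"PointInTimeRecoveryDescription":
                 {"PointInTimeRecoveryStatus": "ENABLED"}}
DAX = {"ClusterName": "cache-1", "SSEDescription": {"Status": "DISABLED"}}
TRAIL = [{"eventSource": "dynamodb.amazonaws.com", "eventName": "DeleteBackup"},
         {"eventSource": "dynamodb.amazonaws.com", "eventName": "CreateBackup"}]

if __name__ == "__main__":
    print("orders:", table_findings(ORDERS, ORDERS_BACKUPS))
    print("users:", table_findings(USERS, USERS_BACKUPS, "AWS"))
    print("dax:", dax_findings(DAX))
    print("deletions:", len(backup_deletions(TRAIL)))
```

In a live account the inputs would come from the DynamoDB, DAX, KMS and CloudTrail APIs; the backup-deletion check only works as continuous monitoring, since it depends on the event being observed.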