Skip to main content

AWS DynamoDB

AWS DynamoDB is a fast and flexible NoSQL database service that provides consistent, single-digit millisecond latency at any scale. 

The Sumo Logic app for AWS Observability DynamoDB is a unified logs and metrics (ULM) app that provides operational insights into DynamoDB instances across your infrastructure. Preconfigured app dashboards allow you to monitor key metrics, view the throttle events, errors, latency and help you plan the capacity of DynamoDB instances in your environment.

Log and metrics types

Sample log messages

{
  "eventVersion":"1.05",
  "userIdentity":{
     "type":"IAMUser",
     "principalId":"AIDAIBF5TU7HNYUE7V676",
     "arn":"arn:aws:iam::568388783903:user/ankit",
     "accountId":"568388783903",
     "accessKeyId":"ASIAI3Q5RU4FIZFHFJZA",
     "userName":"ankit",
     "sessionContext":{
        "attributes":{
           "mfaAuthenticated":"false",
           "creationDate":"2017-10-10T23:01:45+0000"
        }
     },
     "invokedBy":"signin.amazonaws.com"
  },
  "eventTime":"2017-10-10T23:01:45+0000",
  "eventSource":"dynamodb.amazonaws.com",
  "eventName":"DescribeTable",
  "awsRegion":"us-east-1",
  "sourceIPAddress":"38.99.50.98",
  "userAgent":"signin.amazonaws.com",
  "requestParameters":{
     "tableName":"users3"
  },
  "responseElements":null,
  "requestID":"AIFQQ1I27ASKDSAQ4L9L4DTQPVVV4KQNSO5AEMVJF66Q9ASUAAJG",
  "eventID":"f2bec08c-a56a-4f04-be92-0cac7aaabe9b",
  "eventType":"AwsApiCall",
  "apiVersion":"2012-08-10",
  "recipientAccountId":"568388783903"
}

Sample queries

All IP Threat Count
_sourceCategory=Labs/AWS/DynamoDB account=* namespace=* "\"eventSource\":\"dynamodb.amazonaws.com\""
| json "eventName", "awsRegion", "requestParameters.tableName", "sourceIPAddress", "userIdentity.userName" as event_name, Region, entity, ip_address, user
| where Region matches "*" and tolowercase(entity) matches "*"
| where ip_address != "0.0.0.0" and ip_address != "127.0.0.1"
| count as ip_count by ip_address
| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=ip_address
| json field=raw "labels[*].name" as label_name
| replace(label_name, "\\/","->") as label_name
| replace(label_name, "\""," ") as label_name
| where  type="ip_address" and !isNull(malicious_confidence)
| if (isEmpty(actor), "Unassigned", actor) as Actor
| sum (ip_count) as threat_count

Viewing AWS DynamoDB dashboards

We highly recommend you view these dashboards in the Explore View of our AWS Observability solution.

All dashboards have a set of filters that you can apply to the entire dashboard. Use these filters to drill down and examine the data to a granular level.

  • You can change the time range for a dashboard or panel by selecting a predefined interval from a drop-down list, choosing a recently used time range, or specifying custom dates and times. Learn more.
  • If required, configure the refresh interval rate for a dashboard or panel by clicking the drop-down arrow next to the refresh icon.
  • Click the funnel icon in the dashboard top menu bar to filter dashboard with Template Variables.
    filter-dashboards

1. AWS DynamoDB - Overview

The AWS DynamoDB - Overview dashboard provides insights across your infrastructure for DynamoDB events, errors, requests, latency, and their trends.

Use this dashboard to:

  • Monitor average read and write capacity percentages for DynamoDB instances. 
  • Quickly identify system errors, user errors, transaction conflicts, and conditional check fail requests for DynamoDB Monitor overall resource utilization of your DynamoDB instances.

1. AWS DynamoDB - Overview .png

1. AWS DynamoDB - Capacity Planning

The AWS DynamoDB - Capacity Planning dashboard provides insights for DynamoDB read and write capacity across account allotments, consumed percentages, throttle events, and requests.

Use this dashboard to:

  • Monitor DynamoDB tables for throttled read and write requests, along with the type of operation.

  • Monitor AWS account level maximum allocations across read and write capacities.

  • Monitor resource utilization using trend panels for read and write capacity, throttled read and write requests, as well as read and write throttle events for DynamoDB throughout your infrastructure.

  • 1. AWS DynamoDB - Capacity Planning.png

2. AWS DynamoDB - Latency and Errors

The AWS DynamoDB - Latency and Errors dashboard provides insights across your infrastructure for DynamoDB errors and latency including failed requests, and latency.

Use this dashboard to:

  • Identify high get and put latencies for DynamoDB tables.
  • Quickly identify the number of conditional checks fail, and transaction conflicts for DynamoDB.
  • Monitor resource utilization using trend panels for latencies and errors for DynamoDB. 

2. AWS DynamoDB - Latency and Errors.png

3. AWS DynamoDB - Events

The AWS DynamoDB - Events dashboard provides insights across your infrastructure for DynamoDB events including trends, users, errors, updates, creations, and deletions to tables.

Use this dashboard to:

  • Monitor DynamoDB activities and ensure they are in line with expectations. 
  • Monitor different types of table events, such as create, update, and describe tables.
  • Quickly identify the top DynamoDB related errors.

3. AWS DynamoDB - Events .png

4. AWS DynamoDB - Threat Intel

The AWS DynamoDB - Threat Intel dashboard provides insights across your infrastructure for malicious requests to DynamoDB tables.

Use this dashboard to:

  • Identify malicious IPs performing operations on DynamoDB tables across using Sumo Logic Threat Intel.

4. AWS DynamoDB - Threat Intel .png

Status
Legal
Privacy Statement
Terms of Use

Copyright © 2024 by Sumo Logic, Inc.