Pablo Rodriguez

Amazon DynamoDB

DynamoDB is a fully managed, serverless, NoSQL database that supports key-value and document data models with millisecond performance and automatic scaling.

DynamoDB is a fully managed, serverless, NoSQL database that delivers millisecond performance and can automatically scale tables to adjust for capacity. It has a flexible schema, allowing each item to have many different attributes, giving you the ability to adapt as business requirements change without redefining table schema.

  • Supports both key-value and document data models
  • Flexible schema where each item can have different attributes
  • Consistent response times in single-digit millisecond range
  • Automatically scales tables to adjust for capacity with zero administration
  • Continuously backs up data for protection
  • Encrypts data with built-in security

Software Applications

Build internet-scale applications that support user-content metadata and caches requiring high concurrency and connections for millions of users and requests per second.

Media Metadata Stores

Scale throughput and concurrency for media and entertainment workloads such as real-time video streaming and interactive content with lower latency through multi-Region replication.

Gaming Platforms

Focus on innovation with no operational overhead. Build game platforms with player data, session history, and leaderboards for millions of concurrent users.

Serverless Performance with Limitless Scalability

Secondary Indexes:

  • Global and local secondary indexes provide flexibility on how to access data
  • Provision lower write throughput with excellent performance at lower cost

DynamoDB Streams:

  • Change data capture capability
  • Records time-ordered sequence of every item-level change in near-real time
  • Ideal for event-driven architecture applications to consume and action changes
  • Applications can view data items as they appeared before and after modification

Global Tables:

  • Multi-Region, multi-active data replication across choice of AWS Regions
  • Write and read from any replica
  • Globally distributed applications access data locally for single-digit millisecond performance
  • Automatically scale capacity to accommodate multi-Region workloads

Security Features:

  • Uses IAM to authenticate, create, and access resources
  • Encrypts all customer data at rest by default
  • No usernames or passwords - uses IAM for authentication
  • Fine-grained access control down to specific items and attributes

Data Protection:

  • Point-in-time recovery (PITR) protects from accidental write or delete operations
  • Continuous backups with restore to any point in time, down to the second, during the preceding 35 days

Simple Primary Key:

  • Composed of one attribute known as partition key (hash key)
  • All items must have partition key

Composite Primary Key:

  • Combination of partition key and sort key
  • Sort key optional but enables rich query capabilities
  • Sort keys can be timestamps, version numbers, or audit log IDs for creating data groupings

Additional Attributes:

  • Items can have zero or more additional attributes beyond primary key

Example DynamoDB table structure for IoT sensor data from two devices:

| Partition Key (Device ID) | Sort Key (Timestamp) | Temperature | Error Status |
|---|---|---|---|
| 1 | 2023-11-20 15:42:00 | 41.9 | Low |
| 1 | 2023-11-20 15:42:30 | 42 | - |
| 1 | 2023-11-20 15:43:00 | 39 | Low |
| 2 | 2023-11-20 15:42:00 | 47 | Low |
| 2 | 2023-11-20 15:42:30 | 49 | High |
| 2 | 2023-11-20 15:43:00 | 46.9 | - |

This table can be queried to read the attributes associated with a device, or the entire table can be scanned to get all device readings. To query on attributes other than the partition and sort keys without a full table scan, use secondary indexes.

For a global secondary index (GSI), DynamoDB creates a read-only copy of the base table in which you can pivot the data around different partition and sort keys, providing an alternate schema on your DynamoDB base table.

Example: Temperature-based Query

  • Base Table Query: For given device ID and timestamp, find associated temperature and error status
  • GSI Query: For given temperature and device ID, find associated error status and timestamp

GSI Characteristics:

  • Both partition key and sort key can be different from base table
  • Can create and remove GSI at any time
  • No data size limits (maximum 20 GSIs per table)
  • Separate capacity provisioned for GSIs
  • Eventually consistent reads - data becomes consistent within 1 second typically

A local secondary index (LSI) uses the same partition key as the base table but an alternate sort key, providing strongly consistent reads when needed.

Example: Error Status Query

  • Base Table Query: For given device ID and timestamp, find associated temperature and error status
  • LSI Query: For given device ID and error status, find temperature and timestamp

LSI Characteristics:

  • Same partition key as base table, different sort key
  • Must be created along with table (cannot add/remove later)
  • Data size limits apply (maximum 5 LSIs per table)
  • Queries/scans consume read capacity from base table
  • Choice of eventual consistency or strong consistency
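The base table, GSI and LSI queries described above, run against the six sensor readings. This is an added example, not from the original page: it is an in-memory model rather than DynamoDB API calls, and the attribute names (`DeviceID`, `Timestamp`, `Temperature`, `ErrorStatus`) are assumptions. It also shows that an item missing an index key attribute does not appear in that index.

```python
from collections import defaultdict

# Constructed from the table above; "-" cells are modelled as a missing attribute.
T = "2023-11-20 "
ITEMS = [
    {"DeviceID": 1, "Timestamp": T + "15:42:00", "Temperature": 41.9, "ErrorStatus": "Low"},
    {"DeviceID": 1, "Timestamp": T + "15:42:30", "Temperature": 42},
    {"DeviceID": 1, "Timestamp": T + "15:43:00", "Temperature": 39, "ErrorStatus": "Low"},
    {"DeviceID": 2, "Timestamp": T + "15:42:00", "Temperature": 47, "ErrorStatus": "Low"},
    {"DeviceID": 2, "Timestamp": T + "15:42:30", "Temperature": 49, "ErrorStatus": "High"},
    {"DeviceID": 2, "Timestamp": T + "15:43:00", "Temperature": 46.9},
]

def build_index(items, partition_key, sort_key):
    """Group items by partition key, ordered by sort key within each group.
    Items missing either key attribute are not indexed (sparse index)."""
    index = defaultdict(list)
    for item in items:
        if partition_key in item and sort_key in item:
            index[item[partition_key]].append(item)
    for group in index.values():
        group.sort(key=lambda item: item[sort_key])
    return dict(index), sort_key

def query(index, partition_value, sort_value):
    """Key lookup: only one partition is examined. Returns (hits, examined)."""
    groups, sort_key = index
    group = groups.get(partition_value, [])
    return [i for i in group if i[sort_key] == sort_value], len(group)

def scan(items, **wanted):
    """Filter over the whole table: every item is examined."""
    hits = [i for i in items if all(i.get(k) == v for k, v in wanted.items())]
    return hits, len(items)

BASE = build_index(ITEMS, "DeviceID", "Timestamp")   # table primary key
GSI = build_index(ITEMS, "Temperature", "DeviceID")  # both keys differ from base
LSI = build_index(ITEMS, "DeviceID", "ErrorStatus")  # same partition key as base

if __name__ == "__main__":
    print(query(BASE, 1, T + "15:42:30"))
    print(query(GSI, 47, 2), scan(ITEMS, Temperature=47, DeviceID=2))
    print(query(LSI, 2, "High"))
```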

With eventually consistent reads, the response might not reflect the results of a recently completed write operation. This is the default behavior with GSIs.

Global tables provide a multi-Region, multi-active database with fast local read and write performance for global applications.

  • Global Table: Collection of one or more replica tables, all owned by single AWS account
  • Replica Table: Single DynamoDB table that functions as part of global table
  • Each replica stores same set of data items
  • Can add replica tables to make global table available in additional Regions

Scenario: Large customer base across US west coast, South Europe, and north China requiring profile updates.

Solution: Create global table with three Region-specific CustomerProfiles tables. DynamoDB automatically replicates data changes among tables, enabling:

  • Seamless data propagation between Regions
  • High availability even if one Region becomes temporarily unavailable
  • Fast local read/write performance for globally distributed applications

IAM Roles

Use IAM roles to authenticate access for users, applications, and other AWS services

IAM Policies

Use IAM policies for base DynamoDB authorization, implementing the principle of least privilege

Fine-grained Access Control

Use IAM policy conditions for fine-grained access control down to specific items and attributes

VPC Endpoint

Use a VPC endpoint and policies to access DynamoDB only from the required VPC, preventing traffic from traversing the open internet
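The controls above combined in one identity policy, next to an over-broad one, with a small linter that flags Allow statements lacking them. This is an added example, not from the original page: the table ARN, account ID, VPC endpoint ID, attribute names and the `DeviceId` principal tag are constructed placeholders, and the partition key is assumed to be a string attribute.

```python
import json

# Constructed placeholders (not from the page): account ID, table name,
# VPC endpoint ID, and a "DeviceId" principal tag on the calling role.
TABLE_ARN = "arn:aws:dynamodb:us-west-2:111122223333:table/SensorReadings"

WEAK = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "dynamodb:*", "Resource": "*"}]}

HARDENED = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["dynamodb:GetItem", "dynamodb:Query"],
    "Resource": TABLE_ARN,
    "Condition": {
        "ForAllValues:StringEquals": {
            # Item level: partition key must equal the caller's DeviceId tag.
            "dynamodb:LeadingKeys": ["${aws:PrincipalTag/DeviceId}"],
            # Attribute level: only these attributes may be requested.
            "dynamodb:Attributes": ["DeviceID", "Timestamp", "Temperature"]},
        "StringEqualsIfExists": {"dynamodb:Select": "SPECIFIC_ATTRIBUTES"},
        # Network level: the request must arrive through this VPC endpoint.
        "StringEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint(policy):
    """Return findings for Allow statements missing the controls above."""
    findings = []
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        keys = {k.lower() for op in stmt.get("Condition", {}).values() for k in op}
        if any("*" in a for a in actions):
            findings.append("wildcard action")
        if "dynamodb:Scan" in actions:
            findings.append("Scan allowed: reads items from every partition")
        if "*" in as_list(stmt.get("Resource", [])):
            findings.append("wildcard resource")
        for key, gap in (("dynamodb:leadingkeys", "no item-level restriction"),
                         ("dynamodb:attributes", "no attribute-level restriction"),
                         ("aws:sourcevpce", "not restricted to a VPC endpoint")):
            if key not in keys:
                findings.append(gap)
    return findings

if __name__ == "__main__":
    print(json.dumps(HARDENED, indent=2))
    for name, policy in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, lint(policy) or "no findings")
```

The linter checks only that the condition keys are present; it does not evaluate their values, so a reviewer still has to confirm the tag, attribute list and endpoint ID are the intended ones.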

AWS CloudTrail Integration:

  • Monitor AWS managed AWS KMS key usage for encryption at rest
  • Monitor DynamoDB operations through CloudTrail event logging
  • Record actions taken on account for visibility into user activity

AWS Config Integration:

  • Continuously monitor and record configuration changes of AWS resources
  • Monitor DynamoDB compliance with AWS Config rules
  • Assess resource configurations against internal practices, industry guidelines, and regulations

DynamoDB encrypts all user data at rest stored in tables, indexes, streams, and backups using encryption keys stored in AWS KMS. This provides an additional layer of data protection by securing data from unauthorized access to the underlying storage.