Risk Level: High
Cloud Entity: Amazon DynamoDB
CloudGuard Rule ID: D9.AWS.AS.11
Covered by Spectral: No
Category: Database

GSL LOGIC

DynamoDBTable should not have itemCount=0

REMEDIATION

From Portal

Sign in to the AWS Management Console.
Navigate to Amazon DynamoDB Tables Console at https://console.aws.amazon.com/dynamodbv2/home?#tables
Click on the name (link) of the DynamoDB table that you want to examine.
Select the 'Overview' tab (the default tab) to access the general configuration settings available for the selected table.
Scroll down until you reach the 'Items summary' section, and check the Item count parameter value.
If the Item count parameter value is set to 0 (zero), the selected Amazon DynamoDB table is not in use anymore and can be safely removed from your AWS cloud account.
To delete the unused table scroll up and in the top left corner press the 'Actions' tab, and then click on the 'Delete Table' button.
Repeat these steps for every DynamoDB Table you have, and don't forget to check other DynamoDB Tables in your other regions.

From TF

After finding a table that is unused, run the following command to delete it:

terraform destroy --target aws_dynamodb_table.EXAMPLE_TABLE_ID

From Command Line

Run the following command to list all of your DynamoDB Tables in a specific region:

aws DynamoDB list-tables --region REGION_NAME --output table --query 'TableNames'

To check whether a specific table is unused, run the following command on a table name (returned from the last command):

aws DynamoDB describe-table --region REGION_NAME --table-name TABLE_NAME --query 'Table.ItemCount'

If the returned value is 0, the table is unused. To delete the unused table, run the following command:

aws DynamoDB delete-table --region REGION_NAME --table-name TABLE_NAME

Repeat these steps for every DynamoDB Table you have, and don't forget to check other DynamoDB Tables in your other regions.

References

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/dynamodb/list-tables.html
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/dynamodb/describe-table.html
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/dynamodb/delete-table.html

Amazon DynamoDB

Amazon DynamoDB is a fast and flexible nonrelational database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity make it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications

Compliance Frameworks

CloudGuard AWS All Rules Ruleset