Table: aws_dynamodb_table - Query AWS DynamoDB Tables using SQL

The AWS DynamoDB service provides fully managed NoSQL database tables that are designed to provide quick and predictable performance by automatically distributing data across multiple servers. These tables support both key-value and document data models, and enable developers to build web, mobile, and IoT applications without worrying about hardware and setup. DynamoDB tables also offer built-in security, in-memory caching, backup and restore, and in-place update capabilities.

Table Usage Guide

The aws_dynamodb_table table in Steampipe provides you with information about tables within AWS DynamoDB. This table allows you, as a DevOps engineer, to query table-specific details, including provisioned throughput, global secondary indexes, local secondary indexes, and associated metadata. You can utilize this table to gather insights on tables, such as their read/write capacity mode, encryption status, and more. The schema outlines the various attributes of the DynamoDB table for you, including the table name, creation date, item count, and associated tags.

Examples

List of Dynamodb tables which are not encrypted with CMK

Identify instances where DynamoDB tables are not encrypted with a Customer Master Key (CMK). This is useful for enhancing security and compliance by ensuring all data is adequately protected.

select
  name,
  sse_description
from
  aws_dynamodb_table
where
  sse_description is null;

select
  name,
  sse_description
from
  aws_dynamodb_table
where
  sse_description is null;

List of tables where continuous backup is not enabled

Explore which tables have not enabled continuous backup, a critical feature for data loss prevention and recovery in AWS DynamoDB. This can help identify potential vulnerabilities and areas for improvement in your database management practices.

select
  name,
  continuous_backups_status
from
  aws_dynamodb_table
where
  continuous_backups_status = 'DISABLED';

select
  name,
  continuous_backups_status
from
  aws_dynamodb_table
where
  continuous_backups_status = 'DISABLED';

Point in time recovery info for each table

Determine the areas in which you can restore your AWS DynamoDB tables by identifying the earliest and latest possible recovery times. This is particularly useful in disaster recovery scenarios, where understanding the recovery timeline is crucial.

select
  name,
  point_in_time_recovery_description ->> 'EarliestRestorableDateTime' as earliest_restorable_date_time,
  point_in_time_recovery_description ->> 'LatestRestorableDateTime' as latest_restorable_date_time,
  point_in_time_recovery_description ->> 'PointInTimeRecoveryStatus' as point_in_time_recovery_status
from
  aws_dynamodb_table;

select
  name,
  json_extract(
    point_in_time_recovery_description,
    '$.EarliestRestorableDateTime'
  ) as earliest_restorable_date_time,
  json_extract(
    point_in_time_recovery_description,
    '$.LatestRestorableDateTime'
  ) as latest_restorable_date_time,
  json_extract(
    point_in_time_recovery_description,
    '$.PointInTimeRecoveryStatus'
  ) as point_in_time_recovery_status
from
  aws_dynamodb_table;

List of tables where streaming is enabled with destination status

Determine the areas in which streaming is enabled and assess the status of these destinations. This is useful for monitoring the health and activity of your streaming destinations.

select
  name,
  d ->> 'StreamArn' as kinesis_stream_arn,
  d ->> 'DestinationStatus' as stream_status
from
  aws_dynamodb_table,
  jsonb_array_elements(
    streaming_destination -> 'KinesisDataStreamDestinations'
  ) as d

select
  name,
  json_extract(d.value, '$.StreamArn') as kinesis_stream_arn,
  json_extract(d.value, '$.DestinationStatus') as stream_status
from
  aws_dynamodb_table,
  json_each(
    streaming_destination,
    'KinesisDataStreamDestinations'
  ) as d

Query examples

Control examples

Schema for aws_dynamodb_table

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
archival_summary	jsonb		Contains information about the table archive.
arn	text		The Amazon Resource Name (ARN) that uniquely identifies the table.
attribute_definitions	jsonb		An array of AttributeDefinition objects. Each of these objects describes one attribute in the table and index key schema.
billing_mode	text		Controls how AWS charges for read and write throughput and manage capacity.
continuous_backups_status	text		The continuous backups status of the table. ContinuousBackupsStatus can be one of the following states: ENABLED, DISABLED.
creation_date_time	timestamp with time zone		The date and time when the table was created.
deletion_protection_enabled	boolean		Indicates whether deletion protection is enabled (true) or disabled (false) on the table.
global_table_version	text		Represents the version of global tables (https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/GlobalTables.html) in use, if the table is replicated across AWS Regions.
item_count	bigint		Number of items in the table. Note that this is an approximate value.
key_schema	jsonb		The primary key structure for the table.
latest_stream_arn	text		The Amazon Resource Name (ARN) that uniquely identifies the latest stream for this table.
latest_stream_label	text		A timestamp, in ISO 8601 format, for this stream.
name	text	=	The name of the table.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
point_in_time_recovery_description	jsonb		The description of the point in time recovery settings applied to the table.
read_capacity	bigint		The maximum number of strongly consistent reads consumed per second before DynamoDB returns a ThrottlingException.
region	text		The AWS Region in which the resource is located.
replicas	jsonb		Represents replicas of the table.
restore_summary	jsonb		Contains details for the restore.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
sse_description	jsonb		The description of the server-side encryption status on the specified table.
stream_specification	jsonb		The current DynamoDB Streams configuration for the table.
streaming_destination	jsonb		Provides information about the status of Kinesis streaming.
table_class	text		The table class of the specified table. Valid values are STANDARD and STANDARD_INFREQUENT_ACCESS.
table_id	text		Unique identifier for the table.
table_size_bytes	bigint		Size of the table in bytes. Note that this is an approximate value.
table_status	text		The current state of the table.
tags	jsonb		A map of tags for the resource.
tags_src	jsonb		A list of tags assigned to the table.
title	text		Title of the resource.
write_capacity	bigint		The maximum number of writes consumed per second before DynamoDB returns a ThrottlingException.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_dynamodb_table