Amazon DynamoDB tables should be using AWS-managed Customer Master Keys (CMKs) instead of AWS-owned CMKs for Server-Side Encryption (SSE), in order to meet strict encryption compliance and regulatory requirements. DynamoDB supports to switch from AWS-owned CMKs to customer-managed CMKs managed using Amazon Key Management Service (KMS), without any code to encrypt the data.
Amazon DynamoDB Auto Scaling feature should be enabled to dynamically adjust provisioned throughput (read and write) capacity for your tables and global secondary indexes. This can make it easier to administer your DynamoDB data, help you maximize your application availability and reduce your DynamoDB costs.
DynamoDB table without backup can result in accidental data loss. Your AWS DynamoDB tables should make use of Point-in-time Recovery (PITR) feature in order to automatically take continuous backups of your DynamoDB data.
A VPC endpoint for DynamoDB enables Amazon EC2 instances in your VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet. Your EC2 instances do not require public IP addresses, and you do not need an internet gateway, a NAT device, or a virtual private gateway in your VPC.
Any unused Amazon DynamoDB tables available within your AWS account should be removed to help lower the cost of your monthly AWS bill.
If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.