Posted On: Mar 24, 2021

Now you can use AWS CloudTrail to log data-plane API activity to monitor, alarm, and archive item-level activity in your Amazon DynamoDB tables. You can use this information about item-level activity as part of an audit, to help address compliance requirements, and to monitor which AWS Identity and Access Management (IAM) users, roles, and permissions are being used to access your table data.

With CloudTrail data-plane logging, you can record all API activity on DynamoDB, and receive detailed information such as the IAM user or role that made the request, the time of the request, and the accessed table. To configure data-plane events for DynamoDB, in the CloudTrail console or with the AWS CLI or AWS API, specify DynamoDB as the data event type and then choose the DynamoDB tables for which you want CloudTrail to record data-plane API activity. You can also configure whether read-only, write-only, or both types of events are captured for the trail. CloudTrail records and delivers DynamoDB data events to the same Amazon S3 bucket to which it already delivers your log files for other AWS services.
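As an added example (not AWS code and not part of the original announcement), this Python sketch reads a CloudTrail log file of the kind delivered to the S3 bucket, keeps only DynamoDB data events, and reports which principal read or wrote which table. The sample records, account ID, role names and the writer allow-list are constructed for illustration; the field names are assumed to follow the standard CloudTrail record format.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}).
# Account ID, principals and table names are made up for this example.
ROLE = "arn:aws:sts::111122223333:assumed-role/"
DDB = {"eventSource": "dynamodb.amazonaws.com", "eventCategory": "Data"}
SAMPLE_LOG = json.dumps({"Records": [
    {**DDB, "eventName": "GetItem", "readOnly": True,
     "userIdentity": {"arn": ROLE + "app-reader/s1"},
     "requestParameters": {"tableName": "Orders"}},
    {**DDB, "eventName": "PutItem", "readOnly": False,
     "userIdentity": {"arn": ROLE + "order-writer/s2"},
     "requestParameters": {"tableName": "Orders"}},
    {**DDB, "eventName": "DeleteItem", "readOnly": False,
     "userIdentity": {"arn": ROLE + "analyst/s3"},
     "requestParameters": None,  # forces the fallback to the resources list
     "resources": [{"type": "AWS::DynamoDB::Table",
                    "ARN": "arn:aws:dynamodb:us-east-1:111122223333:table/Orders"}]},
    {**DDB, "eventCategory": "Management", "eventName": "CreateTable",
     "readOnly": False, "userIdentity": {"arn": ROLE + "admin/s4"},
     "requestParameters": {"tableName": "Orders"}},
]})

def item_level_events(log_text):
    """Yield (principal_arn, table, event_name, read_only) per DynamoDB data event."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "dynamodb.amazonaws.com":
            continue
        if rec.get("eventCategory") != "Data":  # skip control-plane calls
            continue
        table = (rec.get("requestParameters") or {}).get("tableName")
        if table is None:  # derive the table name from the resource ARN
            arns = [r.get("ARN", "") for r in rec.get("resources") or []
                    if r.get("type") == "AWS::DynamoDB::Table"]
            table = arns[0].rsplit("/", 1)[-1] if arns else "unknown"
        principal = (rec.get("userIdentity") or {}).get("arn", "unknown")
        yield principal, table, rec.get("eventName"), bool(rec.get("readOnly"))

def access_summary(log_text):
    """Count reads and writes per (principal, table)."""
    return Counter((p, t, "read" if ro else "write")
                   for p, t, _, ro in item_level_events(log_text))

def unexpected_writes(log_text, allowed_names):
    """Write events whose role or user name is not on the (hypothetical) allow-list."""
    def name(arn):  # second path segment: role name or IAM user name
        parts = arn.split("/")
        return parts[1] if len(parts) > 1 else arn
    return [(p, t, ev) for p, t, ev, ro in item_level_events(log_text)
            if not ro and name(p) not in allowed_names]
```

Running `unexpected_writes(SAMPLE_LOG, {"order-writer"})` on the constructed log flags only the `DeleteItem` call made through the `analyst` role.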

To learn more about this feature, see Logging DynamoDB Operations by Using AWS CloudTrail, or read the AWS Database Blog post. To learn more about DynamoDB data-events pricing, see AWS CloudTrail pricing.