DynamoDB Backup and Restore provides fully automated on-demand backup, restore, and point-in-time recovery for data protection and archiving.
On-demand backup allows the creation of full backups of DynamoDB table for data archiving, helping you meet corporate and governmental regulatory requirements.
All backups are automatically encrypted, cataloged, and easily discoverable.
Backups can be created for tables from a few megabytes to hundreds of terabytes of data, with no impact on performance and availability of production applications.
On-demand Backups
DynamoDB on-demand backup helps create full backups of the tables for long-term retention, and archiving for regulatory compliance needs.
On-demand backups create a snapshot of the table that DynamoDB stores and manages.
Backup and restore actions run with no impact on table performance or availability.
Backups process in seconds regardless of the size of the tables.
Backups are preserved regardless of table deletion and retained until they are explicitly deleted.
On-demand backups are cataloged, and discoverable.
Charged based on the size and duration of the backups.
Can restore the entire DynamoDB table to the exact state it was in when the backup was created.
Creating On-demand Backups
On-demand backups can be created using two methods:
DynamoDB Native Backup
Can be used to backup and restore DynamoDB tables.
Create backups via AWS Management Console, AWS CLI, or API.
Limitation: DynamoDB on-demand backups cannot be copied to a different account or Region.
Suitable for simple backup and restore within the same account and region.
AWS Backup (Recommended)
AWS Backup is a fully managed data protection service that makes it easy to centralize and automate backups across AWS services, in the cloud, and on-premises.
Provides enhanced backup features beyond native DynamoDB backups.
Key Advantages:
Centralized Management: Configure backup schedules & policies and monitor activity for AWS resources and on-premises workloads in one place.
Cross-Region Backup: Copy on-demand backups across AWS Regions.
Independent Encryption: Encryption using an AWS KMS key that is independent of the DynamoDB table encryption key.
Vault Lock (WORM): Apply write-once-read-many (WORM) setting for backups using AWS Backup Vault Lock policy for compliance.
Cost Allocation Tags: Add cost allocation tags to on-demand backups for better cost tracking.
Cold Storage Tier: Transition on-demand backups to cold storage for lower costs (requires opting in to advanced features).
Automated Backup Plans: Create scheduled backup plans with retention policies.
Cross-Region and Cross-Account Restore
DynamoDB table data can be restored across AWS Regions such that the restored table is created in a different Region from where the source table resides.
Cross-Region restores are supported between:
AWS commercial Regions
AWS China Regions
AWS GovCloud (US) Regions
Cross-Account Backup and Restore: Using AWS Backup, backups can be copied across AWS accounts for disaster recovery or data migration scenarios.
Pricing: Pay for data transfer out of the source Region and for restoring to a new table in the destination Region.
PITR – Point-In-Time Recovery
DynamoDB point-in-time recovery – PITR enables automatic, continuous, incremental backup of the table with per-second granularity.
PITR backups are fully managed by DynamoDB.
PITR helps protect against accidental writes and deletes.
PITR can back up tables with hundreds of terabytes of data with no impact on the performance or availability of the production applications.
Configurable Recovery Period (January 2025)
Announced in January 2025, DynamoDB now supports a configurable recovery period for PITR.
Recovery period can be set to any value between 1 and 35 days on a per-table basis.
Default: Recovery period is 35 days if not explicitly configured.
Can restore to any given second from within the configured recovery period.
Use Cases:
Shorter retention (e.g., 7 days) for cost optimization when long-term recovery is not needed.
Compliance requirements that mandate specific retention periods.
Development/test environments where shorter recovery windows are acceptable.
Pricing Impact: Shortening the recovery period has no impact on PITR pricing because the price is based on the size of table and local secondary indexes, not the retention period.
PITR Restore Capabilities
Can restore to any point in time between EarliestRestorableDateTime and LatestRestorableDateTime.
LatestRestorableDateTime is typically five minutes before the current time.
PITR-enabled tables that were deleted can be recovered in the preceding 35 days (or configured retention period) and restored to their state just before they were deleted.
Restored table is created as a new, independent table (not part of the original global table if applicable).
PITR with Global Tables
Can enable point-in-time recovery on each local replica of a global table.
When restoring a global table replica, the backup restores to an independent table that is not part of the global table.
If using Global Tables version 2019.11.21 (Current), a new global table can be created from the restored table.
PITR Considerations
If PITR is disabled and later re-enabled on a table, the start time for recovery is reset.
After re-enabling, can only immediately restore using the LatestRestorableDateTime.
AWS CloudTrail logs all console and API actions for PITR for auditing and compliance.
PITR can be enabled or disabled at any time without impacting table performance.
Backup and Restore Best Practices
Use AWS Backup for Production: Leverage AWS Backup for centralized management, cross-region/cross-account capabilities, and advanced features.
Enable PITR for Critical Tables: Always enable PITR for production tables to protect against accidental data loss.
Configure Appropriate Retention: Set PITR retention period based on recovery requirements and compliance needs.
Test Restore Procedures: Regularly test backup restoration to ensure recovery processes work as expected.
Use Vault Lock for Compliance: Apply AWS Backup Vault Lock for immutable backups when required by regulations.
Implement Cross-Region Backups: Copy critical backups to another region for disaster recovery.
Tag Backups: Use cost allocation tags to track backup costs by project, environment, or team.
Automate Backup Plans: Create scheduled backup plans with AWS Backup for consistent data protection.
Monitor Backup Status: Use CloudWatch and AWS Backup monitoring to track backup success and failures.
Consider Cold Storage: Transition long-term backups to cold storage tier for cost savings.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
A sysops engineer must create nightly backups of an Amazon DynamoDB table. Which backup methodology should the database specialist use to MINIMIZE management overhead?
Install the AWS CLI on an Amazon EC2 instance. Write a CLI command that creates a backup of the DynamoDB table. Create a scheduled job or task that runs the command on a nightly basis.
Create an AWS Lambda function that creates a backup of the DynamoDB table. Create an Amazon CloudWatch Events rule that runs the Lambda function on a nightly basis.
Create a backup plan using AWS Backup, specify a backup frequency of every 24 hours, and give the plan a nightly backup window.
Configure DynamoDB backup and restore for an on-demand backup frequency of every 24 hours.
A company needs to copy DynamoDB table backups to a different AWS account for disaster recovery purposes. What is the BEST solution?
Use DynamoDB native backup and manually export/import data to the other account.
Use AWS Backup to create backups and copy them across accounts after enabling advanced features and cross-account backup.
Enable PITR and restore the table in the other account.
Use AWS Data Pipeline to copy data between accounts.
A company wants to protect a DynamoDB table against accidental deletions with the ability to recover data from any point in the last 7 days. What should a solutions architect recommend?
Create daily on-demand backups and retain them for 7 days.
Enable PITR with a recovery period configured to 7 days.
Use AWS Backup with a 7-day retention policy.
Enable DynamoDB Streams and store data in S3 for 7 days.
A company needs to restore a DynamoDB table to a different AWS Region. The table is currently in us-east-1 and needs to be restored to eu-west-1. What is the correct approach?
Enable PITR and restore directly to eu-west-1.
Use DynamoDB native backup and restore to eu-west-1.
Create a backup and perform a cross-Region restore to eu-west-1.
Create a Global Table with a replica in eu-west-1.
A company has enabled PITR on a DynamoDB table with a 35-day retention period. They want to reduce costs by shortening the retention to 14 days. What will be the impact on PITR pricing?
PITR costs will be reduced by approximately 60%.
PITR costs will be reduced proportionally to the retention period.
There will be no impact on PITR pricing as it is based on table size, not retention period.
PITR costs will increase due to more frequent backup cycles.
Which of the following are advantages of using AWS Backup over DynamoDB native backups? (Select THREE)
Cross-account backup and restore capabilities
Faster backup creation time
Ability to transition backups to cold storage tier
Lower backup storage costs
Centralized backup management across multiple AWS services
Automatic PITR enablement
A DynamoDB table with PITR enabled was accidentally deleted. How long does the company have to recover the table?
7 days from deletion
24 hours from deletion
Up to 35 days (or the configured retention period) from deletion
By default, communications to and from DynamoDB use the HTTPS protocol, which protects network traffic by using SSL/TLS encryption.
A VPC endpoint for DynamoDB enables EC2 instances in the VPC to use their private IP addresses to access DynamoDB with no exposure to the public internet.
Traffic between the VPC and the AWS service does not leave the Amazon network.
EC2 instances do not require public IP addresses, an internet gateway, a NAT device, or a virtual private gateway in the VPC.
VPC endpoint for DynamoDB routes any requests to a DynamoDB endpoint within the Region to a private DynamoDB endpoint within the Amazon network.
Applications running on EC2 instances in the VPC don’t need to be modified.
Endpoint name remains the same, but the route to DynamoDB stays entirely within the Amazon network and does not access the public internet.
VPC Endpoint Policies to control access to DynamoDB.
Types of VPC Endpoints for DynamoDB
DynamoDB supports two types of VPC endpoints: Gateway Endpoints and Interface Endpoints (using AWS PrivateLink).
Both types keep network traffic on the AWS network.
Gateway endpoints and interface endpoints can be used together in the same VPC.
Gateway Endpoints
A gateway endpoint is specified in the route table to access DynamoDB from the VPC over the AWS network.
Use DynamoDB public IP addresses.
Do not allow access from on-premises networks.
Do not allow access from another AWS Region.
Not billed – Gateway endpoints are free of charge.
Available only in the Region where created.
Supported for both DynamoDB tables and DynamoDB Streams.
Interface Endpoints (AWS PrivateLink)
Announced in March 2024, DynamoDB now supports AWS PrivateLink for interface endpoints.
Use private IP addresses from the VPC to route requests to DynamoDB.
Represented by one or more elastic network interfaces (ENIs) with private IP addresses.
Allow access from on-premises networks via AWS Direct Connect or Site-to-Site VPN.
Allow cross-region access from another VPC using VPC peering or AWS Transit Gateway.
Billed – Interface endpoints incur hourly charges and data processing charges.
Support up to 50,000 requests per second per endpoint.
Compatible with existing gateway endpoints in the same VPC.
Enable simplified private network connectivity from on-premises workloads to DynamoDB.
Choosing Between Gateway and Interface Endpoints
Use Gateway Endpoints when:
Access is only needed from within the VPC.
Cost optimization is a priority (gateway endpoints are free).
Simple VPC-only connectivity is sufficient.
Use Interface Endpoints when:
Access is needed from on-premises networks via Direct Connect or VPN.
Cross-region access is required via VPC peering or Transit Gateway.
Private IP addressing is required for compliance or security policies.
Integration with AWS Management Console Private Access is needed.
Use Both Together when:
In-VPC applications can use the free gateway endpoint.
On-premises applications use interface endpoints for private connectivity.
This approach optimizes costs while enabling hybrid connectivity.
DynamoDB Streams with AWS PrivateLink
Announced in March 2025, DynamoDB Streams now supports AWS PrivateLink.
Allows invoking DynamoDB Streams APIs from within the VPC without traversing the public internet.
Only interface endpoints are supported for DynamoDB Streams – gateway endpoints are not supported.
Enables private connectivity for stream processing applications running on-premises or in other regions.
Supports FIPS endpoints in US and Canada commercial AWS Regions (announced November 2025).
To use DynamoDB console with AWS Management Console Private Access, create VPC endpoints for both:
com.amazonaws.<region>.dynamodb
com.amazonaws.<region>.dynamodb-streams
DynamoDB Accelerator (DAX) with AWS PrivateLink
Announced in October 2025, DAX now supports AWS PrivateLink.
Enables secure access to DAX management APIs (CreateCluster, DescribeClusters, DeleteCluster) over private IP addresses within the VPC.
Customers can access DAX using private DNS names.
Provides private connectivity for DAX cluster management operations.
IPv6 Support
Announced in October 2025, DynamoDB now supports Internet Protocol version 6 (IPv6).
IPv6 addresses can be used in VPCs when connecting to:
DynamoDB tables
DynamoDB Streams
DynamoDB Accelerator (DAX)
IPv6 support includes both AWS PrivateLink Gateway and Interface endpoints.
DAX supports IPv6 addressing with IPv4-only, IPv6-only, or dual-stack networking modes.
Available in all commercial AWS Regions and AWS GovCloud (US) Regions.
VPC Endpoint Policies
Endpoint policies can be attached to VPC endpoints to control access to DynamoDB.
Policies specify:
IAM principals that can perform actions
Actions that can be performed
Resources on which actions can be performed
Can restrict access to specific DynamoDB tables from a VPC endpoint.
Useful for implementing least-privilege access controls.
Considerations and Limitations
AWS PrivateLink for DynamoDB does not support:
Transport Layer Security (TLS) 1.1
Private and Hybrid Domain Name System (DNS) services
Network connectivity timeouts to AWS PrivateLink endpoints need to be handled by applications.
Interface endpoints support up to 50,000 requests per second per endpoint.
When using both gateway and interface endpoints together, applications must use endpoint-specific DNS names to route traffic through interface endpoints.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
What are the services supported by VPC endpoints, using the Gateway endpoint type?
Amazon EFS
Amazon DynamoDB
Amazon Glacier
Amazon SQS
A business application is hosted on Amazon EC2 and uses Amazon DynamoDB for its storage. The chief information security officer has directed that no application traffic between the two services should traverse the public internet. Which capability should the solutions architect use to meet the compliance requirements?
AWS Key Management Service (AWS KMS)
VPC endpoint
Private subnet
Virtual private gateway
A company runs an application in the AWS Cloud and uses Amazon DynamoDB as the database. The company deploys Amazon EC2 instances to a private network to process data from the database. The company uses two NAT instances to provide connectivity to DynamoDB.
The company wants to retire the NAT instances. A solutions architect must implement a solution that provides connectivity to DynamoDB and that does not require ongoing management. What is the MOST cost-effective solution that meets these requirements?
Create a gateway VPC endpoint to provide connectivity to DynamoDB.
Configure a managed NAT gateway to provide connectivity to DynamoDB.
Establish an AWS Direct Connect connection between the private network and DynamoDB.
Deploy an AWS PrivateLink endpoint service between the private network and DynamoDB.
A company has an on-premises data center connected to AWS via AWS Direct Connect. The company needs to access DynamoDB tables from on-premises applications without traversing the public internet. What is the BEST solution?
Create a gateway VPC endpoint for DynamoDB.
Create an interface VPC endpoint (AWS PrivateLink) for DynamoDB.
Configure a NAT gateway in the VPC.
Use an internet gateway with security groups.
A solutions architect needs to enable private connectivity to DynamoDB Streams for a stream processing application. Which VPC endpoint type should be used?
Gateway endpoint only
Interface endpoint only
Either gateway or interface endpoint
Both gateway and interface endpoints together
A company wants to minimize costs for accessing DynamoDB from EC2 instances within the same VPC while maintaining private connectivity. What should they implement?
Interface VPC endpoint
Gateway VPC endpoint
NAT gateway
Internet gateway with security groups
Which of the following are true about DynamoDB interface endpoints? (Select TWO)
They support access from on-premises networks via Direct Connect or VPN.
They are free of charge.
They use private IP addresses from the VPC.
They cannot be used with gateway endpoints in the same VPC.
DynamoDB Time to Live – TTL enables a per-item timestamp to determine when an item is no longer needed.
After the date and time of the specified timestamp, DynamoDB deletes the item from the table without consuming any write throughput.
DynamoDB TTL is provided at no extra cost and can help reduce data storage by retaining only required data.
Items that are deleted from the table are also removed from any local secondary index and global secondary index in the same way as a DeleteItem operation.
DynamoDB Stream tracks the delete operation as a system delete, not a regular one.
How TTL Works
TTL allows defining a per-item expiration timestamp that indicates when an item is no longer needed.
DynamoDB automatically deletes expired items within a few days of their expiration time, without consuming write throughput.
Deletion Timeline: DynamoDB typically deletes expired items within two days (48 hours) of expiration.
The exact duration depends on the workload nature and table size.
Deletion rate is proportional to the total number of TTL-expired items.
Items pending deletion: Expired items that haven’t been deleted yet will still appear in reads, queries, and scans.
Use filter expressions to remove expired items from Scan and Query results.
Expired items can still be updated, including changing or removing their TTL attributes.
When updating expired items, use a condition expression to ensure the item hasn’t been subsequently deleted.
TTL process runs in the background as a low-priority task to avoid impacting table performance.
TTL deletions do not consume Write Capacity Units (WCU) in provisioned mode or Write Request Units in on-demand mode.
TTL Requirements and Limitations
Data Type: TTL attributes must use the Number data type. Other data types, such as String, are not supported.
Time Format: TTL attributes must use the Unix epoch time format (seconds since January 1, 1970, 00:00:00 UTC).
Be sure that the timestamp is in seconds, not milliseconds.
Items with TTL attributes that are not a Number type are ignored by the TTL process.
Five-Year Past Limitation: To be considered for expiry and deletion, the TTL timestamp cannot be more than five years in the past.
This prevents accidental deletion of historical data with very old timestamps.
Items with TTL values older than five years in the past are ignored by the TTL process.
Future Expiration: No limit on how far in the future the TTL timestamp can be set.
Attribute Selection: Only one attribute per table can be designated as the TTL attribute.
The initial TTL delete does not consume WCU in the region where the TTL expiry occurs.
The replicated TTL delete to replica table(s) consumes a replicated Write Capacity Unit (provisioned mode) or Replicated Write Unit (on-demand mode) in each replica region.
Applicable charges apply for replicated TTL deletes.
TTL and DynamoDB Streams
Deleted items are sent to DynamoDB Streams as system deletions (not user deletions).
Stream records for TTL deletions include a special attribute to identify them as TTL-triggered deletions.
Can be used to trigger downstream actions via AWS Lambda, such as:
Archiving expired items to S3 or Amazon S3 Glacier.
Sending notifications when items expire.
Maintaining audit logs of deleted items.
Common Use Cases
TTL is useful if the stored items lose relevance after a specific time. For example:
Session Management: Remove user session data after inactivity period (e.g., 30 days).
IoT and Sensor Data: Remove sensor data after a year of inactivity.
Temporary Data: Delete temporary records like shopping carts, draft documents, or cache entries.
Compliance and Data Retention: Retain sensitive data for a certain amount of time according to contractual or regulatory obligations (e.g., GDPR, HIPAA).
Event Data: Remove event logs, audit trails, or metrics after a retention period.
Archive to S3: Archive expired items to an S3 data lake via DynamoDB Streams and AWS Lambda before deletion.
Best Practices
Calculate TTL on Write: Compute the expiration timestamp when creating or updating items.
For new items: TTL = createdAt + retention_period
For updated items: TTL = updatedAt + retention_period
Use Filter Expressions: Filter out expired items in application queries to avoid processing items pending deletion.
Archive Before Deletion: Use DynamoDB Streams with Lambda to archive important data to S3 before TTL deletion.
Monitor TTL Deletions: Track TTL deletion metrics using CloudWatch to ensure the deletion rate meets expectations.
Test TTL Behavior: Use the TTL preview feature in the DynamoDB console to simulate deletions before enabling TTL.
Avoid Very Old Timestamps: Ensure TTL values are not more than five years in the past to prevent them from being ignored.
Consider Global Table Costs: Account for replicated write costs when using TTL with Global Tables.
Enabling TTL
TTL can be enabled on a table through:
AWS Management Console
AWS CLI
AWS SDKs
AWS CloudFormation
Specify the attribute name that will store the TTL timestamp.
TTL can be enabled or disabled at any time without impacting table performance.
Changing the TTL attribute requires disabling TTL first, then re-enabling with the new attribute.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
A company developed an application by using AWS Lambda and Amazon DynamoDB. The Lambda function periodically pulls data from the company’s S3 bucket based on date and time tags and inserts specific values into a DynamoDB table for further processing. The company must remove data that is older than 30 days from the DynamoDB table. Which solution will meet this requirement with the MOST operational efficiency?
Update the Lambda function to add the Version attribute in the DynamoDB table. Enable TTL on the DynamoDB table to expire entries that are older than 30 days based on the TTL attribute.
Update the Lambda function to add the TTL attribute in the DynamoDB table. Enable TTL on the DynamoDB table to expire entries that are older than 30 days based on the TTL attribute.
Use AWS Step Functions to delete entries that are older than 30 days.
Use EventBridge to schedule the Lambda function to delete entries that are older than 30 days.
A company stores IoT sensor data in a DynamoDB table. The data must be retained for 90 days for analysis and then automatically deleted. The solution must minimize costs. What should a solutions architect recommend?
Create a Lambda function to scan and delete items older than 90 days, triggered daily by EventBridge.
Enable TTL on the DynamoDB table with an expiration attribute set to 90 days from the item creation time.
Use DynamoDB Streams with Lambda to move data to S3 Glacier after 90 days and delete from DynamoDB.
Create a scheduled AWS Batch job to delete items older than 90 days.
A DynamoDB table has TTL enabled. A developer notices that some items with expired TTL timestamps are still appearing in query results. What is the MOST likely explanation?
TTL is not working correctly and needs to be disabled and re-enabled.
The TTL attribute is using the wrong data type.
Items are expired but have not yet been deleted by the background TTL process, which can take up to 48 hours.
The TTL timestamp is more than five years in the past.
A company uses DynamoDB Global Tables across three regions. TTL is enabled on the table. How are write capacity units consumed for TTL deletions?
TTL deletions consume WCU in all regions including the region where expiration occurs.
TTL deletions do not consume WCU in the region where expiration occurs, but consume replicated write units in replica regions.
TTL deletions do not consume any WCU in any region.
TTL deletions consume double WCU in the region where expiration occurs.
What is the correct format for a DynamoDB TTL attribute value to expire an item on January 1, 2027, at 00:00:00 UTC?
2027-01-01T00:00:00Z (ISO 8601 format)
1735689600000 (milliseconds since epoch)
1735689600 (seconds since epoch)
“1735689600” (string representation of seconds)
A company wants to archive expired DynamoDB items to S3 before they are deleted by TTL. What is the BEST approach?
Create a Lambda function that scans the table for expired items and copies them to S3 before TTL deletes them.
Enable DynamoDB Streams and use a Lambda function to detect TTL deletions and archive items to S3.
Disable TTL and use a scheduled Lambda function to manually delete items after archiving to S3.
Use AWS Backup to automatically archive items before TTL deletion.
Which of the following statements about DynamoDB TTL are correct? (Select TWO)
TTL deletions consume write capacity units in the source region.
TTL timestamps must be in Unix epoch time format in seconds.
TTL can use String data type for the expiration attribute.
TTL timestamps cannot be more than five years in the past to be considered for deletion.
TTL guarantees deletion within exactly 48 hours of expiration.
DynamoDB Global Tables is a fully managed, serverless, multi-Region, multi-active database.
Global tables provide 99.999% availability, increased application resiliency, and improved business continuity.
Global table’s automatic cross-Region replication capability helps achieve fast, local read and write performance and regional fault tolerance for database workloads.
Applications can now perform reads and writes to DynamoDB in AWS Regions around the world, with changes in any Region propagated to every Region where a table is replicated.
Global Tables help in building applications to advantage of data locality to reduce overall latency.
Global Tables replicates data among Regions within a single AWS account.
Global Tables Working
Global Table is a collection of one or more replica tables, all owned by a single AWS account.
A single Amazon DynamoDB global table can only have one replica table per AWS Region.
Each replica table stores the same set of data items, has the same table name, and the same primary key schema.
When an application writes data to a replica table in one Region, DynamoDB replicates the writes to other replica tables in the other AWS Regions.
All replicas in a global table share the same table name, primary key schema, and item data.
Consistency Modes
When creating a global table, a consistency mode must be configured.
Global tables support two consistency modes: Multi-Region Eventual Consistency (MREC) and Multi-Region Strong Consistency (MRSC).
If no consistency mode is specified, the global table defaults to MREC.
A global table cannot contain replicas configured with different consistency modes.
Consistency mode cannot be changed after creation.
MREC is the default consistency mode for global tables.
Item changes are asynchronously replicated to all other replicas, typically within a second or less.
Conflict Resolution: Uses Last Write Wins approach based on the latest internal timestamp on a per-item basis.
Consistency Behavior:
Supports eventual consistency for cross-Region reads.
Supports strong consistency for same-Region reads (returns latest version if item was last updated in that Region).
May return stale data for strongly consistent reads if the item was last updated in a different Region.
Recovery Point Objective (RPO): Equal to replication delay between replicas (usually a few seconds).
Replica Management:
Create by adding a replica to an existing DynamoDB table.
Can add replicas to expand to more Regions or remove replicas if no longer needed.
Can have a replica in any Region where DynamoDB is available.
No performance impact when adding replicas.
Requirements: Requires DynamoDB Streams enabled with New and Old image settings.
Use Cases:
Applications that can tolerate stale data from strongly consistent reads if data was updated in another Region.
Prioritize lower write and strongly consistent read latencies over multi-Region read consistency.
Multi-Region high availability strategy can tolerate RPO greater than zero.
Multi-Region Strong Consistency (MRSC) – January 2025
Announced at AWS re:Invent 2024 (preview) and generally available in January 2025.
Item changes are synchronously replicated to at least one other Region before the write operation returns a successful response.
Zero RPO: Provides Recovery Point Objective (RPO) of zero for highest resilience.
Consistency Behavior:
Strongly consistent read operations on any MRSC replica always return the latest version of an item.
Conditional writes always evaluate against the latest version of an item.
Provides strong read-after-write consistency across all Regions.
Deployment Requirements:
Must be deployed in exactly three Regions.
Can configure with three replicas OR two replicas + one witness.
Witness: A component that contains data written to replicas and supports MRSC’s availability architecture. Cannot perform read/write operations on a witness. Witness is owned and managed by DynamoDB.
Regional Availability: Available in three Region sets:
US Region set: US East (N. Virginia), US East (Ohio), US West (Oregon)
EU Region set: Europe (Ireland), Europe (London), Europe (Paris), Europe (Frankfurt)
AP Region set: Asia Pacific (Tokyo), Asia Pacific (Seoul), Asia Pacific (Osaka)
MRSC global tables cannot span Region sets (e.g., cannot mix US and EU Regions).
Creation Requirements:
Create by adding one replica and a witness OR two replicas to an existing DynamoDB table.
Table must be empty when converting to MRSC (existing items not supported).
Cannot add additional replicas after creation.
Cannot delete a single replica or witness (must delete two replicas or one replica + witness to convert back to single-Region table).
Write Conflicts: Write operation fails with ReplicatedWriteConflictException when attempting to modify an item already being modified in another Region. Failed writes can be retried.
Limitations:
Time to Live (TTL): Not supported
Local Secondary Indexes (LSIs): Not supported
Transactions: Not supported (TransactWriteItems and TransactGetItems return errors)
DynamoDB Streams: Not used for replication (can be enabled separately)
Performance Trade-off: Higher write and strongly consistent read latencies compared to MREC.
Use Cases:
Need strongly consistent reads across multiple Regions.
Prioritize global read consistency over lower write latency.
Multi-Region high availability strategy requires RPO of zero.
Financial applications, inventory management, or any system requiring strict consistency.
Pricing Reduction (November 2024)
Effective November 1, 2024, DynamoDB reduced prices for global tables by up to 67%.
On-demand mode: Global tables cost 67% less than before.
Provisioned capacity mode: Global tables cost 33% less than before.
Makes global tables significantly more cost-effective for multi-Region deployments.
Replication and Throughput
MREC Replication:
Uses DynamoDB Streams to replicate changes.
Streams are enabled by default on all replicas and cannot be disabled.
Replication process may combine multiple changes into a single replicated write.
Stream records are ordered per-item but ordering between items may differ between replicas.
MRSC Replication:
Does not use DynamoDB Streams for replication.
Streams can be enabled separately if needed.
Stream records are identical for every replica, including ordering.
Provisioned Mode:
Replication consumes write capacity.
Auto scaling settings for read and write capacities are synchronized between replicas.
Read capacity can be independently configured per replica using ProvisionedThroughputOverride.
On-demand Mode:
Write capacity is automatically synchronized across all replicas.
DynamoDB automatically adjusts capacity based on traffic.
Monitoring and Testing
Replication Latency (MREC only):
MREC global tables publish ReplicationLatency metric to CloudWatch.
Tracks elapsed time between item write in one replica and appearance in another replica.
Expressed in milliseconds for every source-destination Region pair.
MRSC global tables do not publish this metric (synchronous replication).
Fault Injection Testing:
Both MREC and MRSC integrate with AWS Fault Injection Service (AWS FIS).
Can simulate Region isolation by pausing replication to/from a selected replica.
Test error handling, recovery mechanisms, and multi-Region traffic shift behavior.
Additional Features and Considerations
Time to Live (TTL):
MREC: Supported. TTL settings synchronized across all replicas. TTL deletes replicated to all replicas (charged for replicated deletes).
MRSC: Not supported.
Transactions:
MREC: Supported but only atomic within the Region where invoked. Not replicated as a unit.
MRSC: Not supported.
Point-in-Time Recovery (PITR):
Can be enabled on each local replica independently.
PITR settings are not synchronized between replicas.
DynamoDB Accelerator (DAX):
Writes to global table replicas bypass DAX, updating DynamoDB directly.
DAX caches can become stale and are only refreshed when cache TTL expires.
Can be overridden per replica: Read capacity, table class
Never synchronized: Deletion protection, PITR, tags, Contributor Insights
DynamoDB Global Tables vs. Aurora Global Databases
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
A company is building a web application on AWS. The application requires the database to support read and write operations in multiple AWS Regions simultaneously. The database also needs to propagate data changes between Regions as the changes occur. The application must be highly available and must provide a latency of single-digit milliseconds. Which solution meets these requirements?
Amazon DynamoDB global tables
Amazon DynamoDB streams with AWS Lambda to replicate the data
An Amazon ElastiCache for Redis cluster with cluster mode enabled and multiple shards
An Amazon Aurora global database
A financial services company requires a multi-Region database with zero data loss (RPO = 0) and strongly consistent reads across all Regions. Which DynamoDB global tables consistency mode should they use?
Multi-Region Eventual Consistency (MREC)
Multi-Region Strong Consistency (MRSC)
Single-Region Strong Consistency
Cross-Region Read Replicas
A company wants to create a DynamoDB global table with MRSC for their inventory management system. They have existing data in a table in us-east-1. What must they do before converting to MRSC?
Enable DynamoDB Streams on the table.
Configure three replicas in different Regions.
Empty the table of all existing data.
Enable Point-in-Time Recovery (PITR).
A company has a DynamoDB global table with MREC configured across us-east-1, eu-west-1, and ap-southeast-1. An item is updated simultaneously in us-east-1 and eu-west-1. How does DynamoDB resolve this conflict?
The write in the primary Region takes precedence.
Last Write Wins based on the latest internal timestamp.
Both writes are rejected and must be retried.
The write with the larger data size takes precedence.
A company wants to deploy a DynamoDB global table with MRSC. They need replicas in us-east-1, eu-west-1, and ap-southeast-1. What will happen?
The global table will be created successfully.
The creation will fail because MRSC cannot span Region sets.
The global table will be created with MREC instead.
A witness will be automatically placed in a fourth Region.
Which of the following features are NOT supported with DynamoDB MRSC global tables? (Select THREE)
Time to Live (TTL)
DynamoDB Streams
Local Secondary Indexes (LSIs)
Global Secondary Indexes (GSIs)
Transaction operations (TransactWriteItems)
Point-in-Time Recovery (PITR)
A company has a DynamoDB global table with MREC. They perform a strongly consistent read in us-west-2, but the item was last updated in eu-west-1. What will the read return?
The latest version of the item from eu-west-1.
Potentially stale data (the version before the eu-west-1 update).
An error indicating the item is being replicated.
The read will be automatically redirected to eu-west-1.
What is the typical replication latency for DynamoDB global tables with MREC?
DynamoDB Streams provides a time-ordered sequence of item-level changes made to data in a table.
DynamoDB Streams is a serverless data streaming feature that makes it straightforward to track, process, and react to item-level changes in DynamoDB tables in near real-time.
DynamoDB Streams stores the data for the last 24 hours, after which they are erased.
DynamoDB Streams maintains an ordered sequence of the events per item; however, sequence across items is not maintained.
Example:
For e.g., suppose that you have a DynamoDB table tracking high scores for a game and that each item in the table represents an individual player. If you make the following three updates in this order:
Update 1: Change Player 1’s high score to 100 points
Update 2: Change Player 2’s high score to 50 points
Update 3: Change Player 1’s high score to 125 points
DynamoDB Streams will maintain the order for Player 1 score events. However, it would not maintain order across the players. So Player 2 score event is not guaranteed between the 2 Player 1 events.
Applications can access this log and view the data items as they appeared before and after they were modified, in near-real time.
DynamoDB Streams APIs help developers consume updates and receive the item-level data before and after items are changed.
DynamoDB Streams Features
Streams allow reads at up to twice the rate of the provisioned write capacity of the DynamoDB table.
Streams have to be enabled on a per-table basis. When enabled on a table, DynamoDB captures information about every modification to data items in the table.
Streams support Encryption at rest to encrypt the data.
Streams are designed for No Duplicates so that every update made to the table will be represented exactly once in the stream.
Streams write stream records in near-real time so that applications can consume these streams and take action based on the contents.
Stream records contain information about a data modification to a single item in a DynamoDB table.
Each stream record has a sequence number that reflects the order in which the record was published to the stream.
Stream View Types
When enabling a stream on a table, you must specify the stream view type, which determines what information is written to the stream:
KEYS_ONLY: Only the key attributes of the modified item.
NEW_IMAGE: The entire item, as it appears after it was modified.
OLD_IMAGE: The entire item, as it appeared before it was modified.
NEW_AND_OLD_IMAGES: Both the new and the old images of the item (recommended for maximum flexibility).
Use Cases
Multi-Region Replication: Keep other data stores up-to-date with the latest changes to DynamoDB (used by DynamoDB Global Tables).
Real-time Analytics: Stream data to analytics services for real-time insights.
Event-Driven Architectures: Trigger actions based on changes made to the table.
Data Aggregation: Aggregate data from multiple tables into a single view.
Audit and Compliance: Maintain audit logs of all changes to data.
Search Index Updates: Keep search indexes (e.g., OpenSearch) synchronized with DynamoDB data.
Cache Invalidation: Invalidate caches when data changes.
Notifications: Send notifications when specific data changes occur.
Processing DynamoDB Streams
Stream records can be processed using multiple methods:
AWS Lambda
Most common and recommended approach for processing DynamoDB Streams.
Lambda polls the stream and invokes the function synchronously when new records are available.
Lambda automatically handles scaling, retries, and error handling.
Supports batch processing of stream records.
Can filter events using event filtering to reduce invocations and costs.
KCL 3.0 Support (June 2025): DynamoDB Streams now supports Kinesis Client Library 3.0.
Reduces compute costs to process streaming data by up to 33% compared to previous KCL versions.
Improved load balancing algorithm based on CPU utilization.
Enhanced performance and efficiency.
Note: KCL 1.x reaches end-of-support on January 30, 2026. Migrate to KCL 3.x.
AWS PrivateLink Support (March 2025)
Announced in March 2025, DynamoDB Streams now supports AWS PrivateLink.
Allows invoking DynamoDB Streams APIs from within your Amazon VPC without traversing the public internet.
Only interface endpoints are supported for DynamoDB Streams (gateway endpoints are not supported).
Enables private connectivity for stream processing applications running on-premises or in other Regions.
Supports FIPS endpoints in US and Canada commercial AWS Regions (announced November 2025).
Enhances security by keeping stream data within the AWS network.
Critical for compliance requirements that mandate private network connectivity.
Can be accessed from on-premises via AWS Direct Connect or Site-to-Site VPN.
DynamoDB Streams vs. Kinesis Data Streams
DynamoDB Streams:
24-hour data retention
Automatically scales with table
No additional cost (included with DynamoDB)
Simpler to set up and use
Best for simple event-driven architectures
Kinesis Data Streams:
Up to 365 days data retention
Manual capacity management (or on-demand mode)
Additional cost for Kinesis
More complex but more flexible
Best for multiple consumers and longer retention needs
Recommendation: Use DynamoDB Streams for simple use cases with Lambda. Use Kinesis Data Streams for complex scenarios requiring multiple consumers or longer retention.
Best Practices
Choose the Right View Type: Use NEW_AND_OLD_IMAGES for maximum flexibility unless you have specific requirements.
Handle Duplicates: Although designed for no duplicates, implement idempotent processing logic.
Monitor Stream Processing: Use CloudWatch metrics to monitor Lambda invocations, errors, and iterator age.
Use Event Filtering: Filter events in Lambda to reduce unnecessary invocations and costs.
Batch Processing: Configure appropriate batch sizes for Lambda to optimize throughput and cost.
Error Handling: Implement proper error handling and configure dead-letter queues for failed records.
Consider Kinesis for Multiple Consumers: If you need multiple consumers, use Kinesis Data Streams instead.
Migrate to KCL 3.0: If using KCL, migrate to version 3.0 for cost savings and performance improvements.
Use PrivateLink for Security: Enable AWS PrivateLink for enhanced security and compliance.
Limitations and Considerations
Stream records are available for only 24 hours.
Streams do not guarantee ordering across different items (only per-item ordering).
Stream records are eventually consistent with the table.
Enabling streams does not affect table performance.
Streams cannot be enabled on tables with local secondary indexes that use non-key attributes in the projection.
For Global Tables with MREC, streams are enabled by default and cannot be disabled.
For Global Tables with MRSC, streams are not used for replication but can be enabled separately.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
An application currently writes a large number of records to a DynamoDB table in one region. There is a requirement for a secondary application to retrieve new records written to the DynamoDB table every 2 hours and process the updates accordingly. Which of the following is an ideal way to ensure that the secondary application gets the relevant changes from the DynamoDB table?
Insert a timestamp for each record and then scan the entire table for the timestamp as per the last 2 hours.
Create another DynamoDB table with the records modified in the last 2 hours.
Use DynamoDB Streams to monitor the changes in the DynamoDB table.
Transfer records to S3 which were modified in the last 2 hours.
A company needs to process DynamoDB stream records from an on-premises application without exposing traffic to the public internet. What should they implement?
Use a NAT gateway to access DynamoDB Streams.
Create an interface VPC endpoint for DynamoDB Streams using AWS PrivateLink.
Create a gateway VPC endpoint for DynamoDB Streams.
Use an internet gateway with security groups.
A company wants to reduce costs for processing DynamoDB Streams using KCL. What should they do?
Switch from KCL to Lambda for processing.
Migrate from KCL 1.x to KCL 3.0 for up to 33% cost reduction.
Reduce the number of shards in the stream.
Increase the batch size for stream processing.
A company needs to maintain an audit log of all changes to a DynamoDB table for 90 days. DynamoDB Streams only retains data for 24 hours. What is the BEST solution?
Enable PITR on the DynamoDB table.
Stream DynamoDB changes to Kinesis Data Streams with 90-day retention.
Use Lambda to copy stream records to S3 every 24 hours.
Create on-demand backups every 24 hours.
A developer wants to capture both the old and new values of items when they are modified in a DynamoDB table. Which stream view type should they configure?
KEYS_ONLY
NEW_IMAGE
OLD_IMAGE
NEW_AND_OLD_IMAGES
Which of the following statements about DynamoDB Streams are correct? (Select TWO)
Stream records are available for 24 hours.
Streams guarantee ordering across all items in the table.
Streams maintain ordered sequence of events per item.
Streams can be processed only by Lambda functions.
Enabling streams impacts table write performance.
A company has multiple applications that need to process the same DynamoDB change events. What is the BEST approach?
Create multiple Lambda functions triggered by the same DynamoDB Stream.
Stream DynamoDB changes to Kinesis Data Streams and use multiple consumers.
Enable multiple DynamoDB Streams on the same table.
Use DynamoDB Streams with fan-out to multiple Lambda functions.
AWS has a Region, which is a physical location around the world where we cluster data centers, with one or more Availability Zones which are discrete data centers with redundant power, networking, and connectivity in an AWS Region.
Amazon automatically stores each DynamoDB table in the three geographically distributed locations or AZs for durability.
DynamoDB consistency represents the manner and timing in which the successful write or update of a data item is reflected in a subsequent read operation of that same item.
DynamoDB Consistency Modes
Eventually Consistent Reads (Default)
Eventual consistency option maximizes the read throughput.
Consistency across all copies is usually reached within a second.
However, an eventually consistent read might not reflect the results of a recently completed write.
Repeating a read after a short time should return the updated data.
DynamoDB uses eventually consistent reads, by default.
Use Cases:
Applications that can tolerate reading slightly stale data.
Read-heavy workloads where throughput is more important than immediate consistency.
Cost-sensitive applications (eventually consistent reads are half the cost of strongly consistent reads).
Strongly Consistent Reads
Strongly consistent read returns a result that reflects all writes that received a successful response prior to the read.
Ensures that the most up-to-date data is returned.
Cost: Strongly consistent reads are 2x the cost of eventually consistent reads (consume twice the read capacity units).
Disadvantages:
A strongly consistent read might not be available if there is a network delay or outage. In this case, DynamoDB may return a server error (HTTP 500).
Strongly consistent reads may have higher latency than eventually consistent reads.
Not supported on Global Secondary Indexes (GSIs) – only eventually consistent reads are supported on GSIs.
Strongly consistent reads use more throughput capacity than eventually consistent reads.
Financial transactions or inventory management where stale data is unacceptable.
Scenarios where data accuracy is critical.
Specifying Consistency Mode
DynamoDB allows the user to specify whether the read should be eventually consistent or strongly consistent at the time of the request.
Read operations (such as GetItem, Query, and Scan) provide a ConsistentRead parameter. If set to true, DynamoDB uses strongly consistent reads during the operation.
Default Behavior: Query, GetItem, and BatchGetItem operations perform eventually consistent reads by default.
Forcing Strong Consistency:
Query and GetItem operations can be forced to be strongly consistent by setting ConsistentRead=true.
Query operations cannot perform strongly consistent reads on Global Secondary Indexes (GSIs).
BatchGetItem operations can be forced to be strongly consistent on a per-table basis.
Scan operations can be forced to be strongly consistent.
Transactional Consistency
DynamoDB supports transactions with full ACID (Atomicity, Consistency, Isolation, Durability) properties.
Transactions provide all-or-nothing execution for multiple operations across one or more tables.
TransactGetItems – Perform multiple read operations with snapshot isolation.
Consistency Guarantees:
Atomicity: All operations in a transaction succeed or fail together.
Consistency: Transactions move the database from one valid state to another.
Isolation: Transactions are isolated from each other using snapshot isolation.
Durability: Once a transaction is committed, it is durable.
Regional Scope: Transactional operations provide ACID guarantees within a single Region.
Global Tables Consideration: For Global Tables with MREC, transactions are only atomic within the Region where invoked (not replicated as a unit).
Cost: Transactional operations consume 2x the write capacity units compared to standard writes.
Multi-Region Strong Consistency (MRSC) – January 2025
Announced at AWS re:Invent 2024 and generally available in January 2025.
Available for DynamoDB Global Tables configured with Multi-Region Strong Consistency mode.
Capability: Provides strong consistency across multiple AWS Regions.
Guarantee: Strongly consistent reads on an MRSC table always return the latest version of an item, irrespective of the Region where the read is performed.
Zero RPO: Enables Recovery Point Objective (RPO) of zero for highest resilience.
How It Works:
Item changes are synchronously replicated to at least one other Region before the write operation returns success.
Strongly consistent reads always reflect the latest committed write across all Regions.
Conditional writes always evaluate against the latest version of an item globally.
Deployment Requirements:
Must be deployed in exactly three Regions.
Can configure with 3 replicas OR 2 replicas + 1 witness.
Available in three Region sets: US, EU, and AP (cannot span Region sets).
Trade-offs:
Higher write latency compared to MREC (eventual consistency) due to synchronous replication.
Higher strongly consistent read latency compared to MREC.
Use Cases:
Financial applications requiring global strong consistency.
Inventory management systems across multiple Regions.
Local Secondary Indexes not supported on MRSC tables.
Consistency Comparison
Consistency Type
Scope
Latency
Cost
Use Case
Eventually Consistent
Single Region
Lowest
1x RCU
Read-heavy, can tolerate stale data
Strongly Consistent
Single Region
Low-Medium
2x RCU
Immediate consistency required
Transactional
Single Region
Medium
2x WCU
ACID guarantees, multiple operations
MRSC (Global Tables)
Multi-Region
Higher
Varies
Global strong consistency, zero RPO
Best Practices
Default to Eventually Consistent: Use eventually consistent reads by default for cost and performance optimization.
Use Strong Consistency Selectively: Only use strongly consistent reads when immediate consistency is required.
Avoid Strong Consistency on GSIs: Design data models to avoid needing strongly consistent reads on GSIs (not supported).
Consider Read-After-Write Patterns: If your application writes and immediately reads, use strongly consistent reads or implement retry logic.
Use Transactions for Multi-Item Operations: When multiple items must be updated atomically, use transactions.
Evaluate MRSC for Global Applications: For applications requiring global strong consistency, consider MRSC Global Tables.
Monitor Consistency Metrics: Use CloudWatch to monitor read/write patterns and adjust consistency settings accordingly.
Handle Errors Gracefully: Implement retry logic for strongly consistent reads that may fail during network issues.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
Which of the following statements is true about DynamoDB?
Requests are eventually consistent unless otherwise specified.
Requests are strongly consistent.
Tables do not contain primary keys.
None of the above
How is provisioned throughput affected by the chosen consistency model when reading data from a DynamoDB table?
Strongly consistent reads use the same amount of throughput as eventually consistent reads
Strongly consistent reads use variable throughput depending on read activity
Strongly consistent reads use more throughput than eventually consistent reads.
Strongly consistent reads use less throughput than eventually consistent reads
A company needs to perform a query on a Global Secondary Index (GSI) and requires the most up-to-date data. What consistency mode should they use?
Strongly consistent reads
Eventually consistent reads (GSIs do not support strongly consistent reads)
Transactional reads
Multi-Region strong consistency
A financial application requires strong consistency across multiple AWS Regions with zero data loss (RPO = 0). Which DynamoDB feature should they use?
DynamoDB Global Tables with MREC (eventual consistency)
DynamoDB Global Tables with MRSC (multi-Region strong consistency)
DynamoDB with strongly consistent reads
DynamoDB transactions
A developer needs to update multiple items across two DynamoDB tables atomically. Which feature should they use?
Strongly consistent writes
BatchWriteItem operation
DynamoDB transactions (TransactWriteItems)
Conditional writes
What is the cost difference between eventually consistent reads and strongly consistent reads in DynamoDB?
No difference in cost
Strongly consistent reads cost 2x more (consume 2x RCU)
Strongly consistent reads cost 3x more
Eventually consistent reads cost 2x more
Which of the following statements about DynamoDB consistency are correct? (Select TWO)
Eventually consistent reads are the default for Query and GetItem operations.
Strongly consistent reads are supported on Global Secondary Indexes.
Strongly consistent reads may return HTTP 500 errors during network issues.
Transactions provide ACID guarantees across multiple Regions.
MRSC Global Tables support local secondary indexes.
DynamoDB Auto Scaling uses the AWS Application Auto Scaling service to dynamically adjust provisioned throughput capacity on your behalf, in response to actual traffic patterns.
Application Auto Scaling enables a DynamoDB table or a global secondary index to increase its provisioned read and write capacity to handle sudden increases in traffic, without throttling.
When the workload decreases, Application Auto Scaling decreases the throughput so that you don’t pay for unused provisioned capacity.
Auto Scaling is available for both provisioned capacity mode and works alongside on-demand capacity mode.
DynamoDB Auto Scaling Process
Application Auto Scaling policy can be created on the DynamoDB table.
DynamoDB publishes consumed capacity metrics to CloudWatch.
If the table’s consumed capacity exceeds the target utilization (or falls below the target) for a specific length of time, CloudWatch triggers an alarm. You can view the alarm on the console and receive notifications using Simple Notification Service – SNS.
The upper threshold alarm is triggered when consumed reads or writes breach the target utilization percent for two consecutive minutes.
The lower threshold alarm is triggered after traffic falls below the target utilization minus 20 percent for 15 consecutive minutes.
CloudWatch alarm invokes Application Auto Scaling to evaluate the scaling policy.
Application Auto Scaling issues an UpdateTable request to adjust the table’s provisioned throughput.
DynamoDB processes the UpdateTable request, dynamically increasing (or decreasing) the table’s provisioned throughput capacity so that it approaches your target utilization.
Auto Scaling Configuration
Target Utilization: The percentage of consumed provisioned throughput at a point in time (typically 70%).
Minimum Capacity: The lower bound for provisioned throughput that Auto Scaling will not scale below.
Maximum Capacity: The upper bound for provisioned throughput that Auto Scaling will not scale above.
Scaling Policy: Defines how Auto Scaling responds to changes in workload.
Auto Scaling can be configured for:
Tables (read and write capacity)
Global Secondary Indexes (read and write capacity)
Each can be configured independently
Warm Throughput (November 2024)
Announced in November 2024, DynamoDB now supports warm throughput for tables and indexes.
Warm Throughput: The read and write capacity your DynamoDB table or index can immediately support, based on historical usage.
Provides visibility into the number of read and write operations your table can readily handle.
Automatic Growth: DynamoDB automatically adjusts warm throughput values as your usage increases.
Pre-warming Capability: You can proactively set higher warm throughput values to prepare for anticipated traffic spikes.
Useful for planned events like product launches, sales events, or marketing campaigns.
Ensures your table is immediately ready to handle increased load from the moment the event begins.
Prevents throttling during sudden traffic surges.
Availability:
Available for both provisioned and on-demand tables and indexes.
Available in all AWS commercial Regions and AWS GovCloud (US) Regions.
Pricing:
Warm throughput values are available at no cost.
Pre-warming your table’s throughput incurs a charge.
Use Cases:
Peak events with 10x or 100x traffic surges in short periods.
Product launches or shopping events (e.g., Black Friday).
Marketing campaigns with predictable traffic spikes.
Gaming events or live streaming scenarios.
How It Works:
Each partition is limited to 1,000 write units per second and 3,000 read units per second.
Warm throughput indicates the current capacity available across all partitions.
Pre-warming increases this capacity before the traffic spike occurs.
Auto Scaling takes time to react; pre-warming ensures immediate readiness.
Capacity Modes
Provisioned Capacity Mode with Auto Scaling
You specify the number of read and write capacity units.
Auto Scaling automatically adjusts capacity within configured min/max bounds.
Best for predictable workloads with gradual changes.
Cost-effective when you can forecast capacity needs.
Supports warm throughput and pre-warming.
On-Demand Capacity Mode
DynamoDB automatically scales to accommodate workload.
No need to specify capacity units or configure Auto Scaling.
Pay per request (no minimum capacity).
Best for unpredictable workloads or new applications.
Supports warm throughput and pre-warming.
Pricing reduced by 50% effective November 1, 2024.
Auto Scaling Best Practices
Set Appropriate Target Utilization: 70% is recommended to provide buffer for traffic spikes.
Configure Realistic Min/Max Bounds: Ensure maximum capacity can handle peak loads.
Use Warm Throughput for Planned Events: Pre-warm tables before anticipated traffic spikes.
Monitor CloudWatch Metrics: Track consumed capacity, throttled requests, and Auto Scaling activities.
Test Scaling Behavior: Simulate traffic patterns to validate Auto Scaling configuration.
Consider On-Demand for Unpredictable Workloads: Eliminates need for capacity planning.
Configure Alarms: Set up CloudWatch alarms for throttling events and capacity changes.
Review Scaling History: Analyze past scaling activities to optimize configuration.
Auto Scaling Activity: View scaling activities in Application Auto Scaling console.
Warm Throughput Values: Monitor current warm throughput via DynamoDB console or APIs.
Alarms: Configure CloudWatch alarms for proactive monitoring.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
An application running on Amazon EC2 instances writes data synchronously to an Amazon DynamoDB table configured for 60 write capacity units. During normal operation, the application writes 50KB/s to the table but can scale up to 500 KB/s during peak hours. The application is currently getting throttling errors from the DynamoDB table during peak hours. What is the MOST cost-effective change to support the increased traffic with minimal changes to the application?
Use Amazon SNS to manage the write operations to the DynamoDB table
Change DynamoDB table configuration to 600 write capacity units
Increase the number of Amazon EC2 instances to support the traffic
Configure Amazon DynamoDB Auto Scaling to handle the extra demand
A company is planning a major product launch that will cause a 100x traffic spike to their DynamoDB table for 2 hours. They want to ensure the table can handle the load immediately without throttling. What should they do?
Configure Auto Scaling with a high maximum capacity.
Switch to on-demand capacity mode.
Pre-warm the table using warm throughput before the launch.
Manually increase provisioned capacity before the launch.
A DynamoDB table with Auto Scaling configured is experiencing throttling despite having sufficient overall capacity. What is the MOST likely cause?
Auto Scaling is not configured correctly.
The target utilization is set too high.
Hot partitions are exceeding per-partition throughput limits.
CloudWatch alarms are not triggering properly.
What is the recommended target utilization percentage for DynamoDB Auto Scaling?
50%
70%
90%
100%
A company wants to minimize costs for a DynamoDB table with unpredictable traffic patterns. Which capacity mode should they choose?
Provisioned capacity with Auto Scaling
On-demand capacity mode
Provisioned capacity with manual scaling
Reserved capacity
Which of the following statements about DynamoDB warm throughput are correct? (Select TWO)
Warm throughput values are available at no cost.
Warm throughput is only available for provisioned capacity mode.
Pre-warming a table incurs a charge.
Warm throughput cannot be used with on-demand capacity mode.
Warm throughput eliminates the need for Auto Scaling.
DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from ms to µs – even at millions of requests per second.
DAX as a managed service handles the cache invalidation, data population, or cluster management.
DAX provides API compatibility with DynamoDB. Therefore, it requires only minimal functional changes to use with an existing application.
DAX saves costs by reducing the read load (RCU) on DynamoDB.
DAX helps prevent hot partitions.
DAX is intended for high-performance read applications. As a write-through cache, DAX writes directly so that the writes are immediately reflected in the item cache.
DAX only supports eventual consistency and strong consistency requests are passed through to DynamoDB.
DAX is fault-tolerant and scalable.
DAX cluster has a primary node and zero or more read-replica nodes. Upon a failure for a primary node, DAX will automatically failover and elect a new primary. For scaling, add or remove read replicas.
DAX supports server-side encryption.
DAX supports encryption in transit, ensuring that all requests and responses between the application and the cluster are encrypted by TLS, and connections to the cluster can be authenticated by verification of a cluster x509 certificate.
DAX AWS PrivateLink Support – October 2025
DAX now supports AWS PrivateLink for management APIs.
Enables secure access to DAX management APIs over private IP addresses within your VPC.
Supported management APIs:
CreateCluster
DescribeClusters
DeleteCluster
DAX clusters already run inside your VPC, and all data plane operations (GetItem, Query) are handled privately within the VPC.
With PrivateLink, cluster management operations can now be performed privately without connecting to the public regional endpoint.
Simplifies private network connectivity between VPCs, DAX, and on-premises data centers using interface VPC endpoints.
Helps meet compliance regulations and eliminates the need for public IP addresses, firewall rules, or Internet gateways.
Available in all Regions where DAX is available.
Additional AWS PrivateLink charges apply.
DAX Cluster
DAC cluster is a logical grouping of one or more nodes that DAX manages as a unit.
One of the nodes in the cluster is designated as the primary node, and the other nodes (if any) are read replicas.
Primary Node is responsible for
Fulfilling application requests for cached data.
Handling write operations to DynamoDB.
Evicting data from the cache according to the cluster’s eviction policy.
Read replicas are responsible for
Fulfilling application requests for cached data.
Evicting data from the cache according to the cluster’s eviction policy.
Only the primary node writes to DynamoDB, read replicas don’t write to DynamoDB.
For production, it is recommended to have DAX with at least three nodes with each node placed in different Availability Zones.
Three nodes are required for a DAX cluster to be fault-tolerant.
DAX can scale out to a 10-node cluster, providing millions of requests per second.
A DAX cluster in an AWS Region can only interact with DynamoDB tables that are in the same Region.
DynamoDB Accelerator Operations
Eventual Read operations
If DAX has the item available (a cache hit), DAX returns the item without accessing DynamoDB.
If DAX does not have the item available (a cache miss), DAX passes the request through to DynamoDB. When it receives the response from DynamoDB, DAX returns the results to the application. But it also writes the results to the cache on the primary node.
Strongly Consistent Read operations
DAX passes the request through to DynamoDB. The results from DynamoDB are not cached in DAX. but simply returned.
DAX is not ideal for applications that require strongly consistent reads (or that cannot tolerate eventually consistent reads).
For Write operations
Data is first written to the DynamoDB table, and then to the DAX cluster.
Operation is successful only if the data is successfully written to both the table and to DAX.
Is not ideal for applications that are write-intensive, or that do not perform much read activity.
DynamoDB Accelerator Caches
DAX cluster has two distinct caches – Item cache and Query cache
Item cache
item cache to store the results from GetItem and BatchGetItem operations.
Item remains in the DAX item cache, subject to the Time to Live (TTL) setting and the least recently used (LRU) algorithm for the cache
DAX provides a write-through cache, keeping the DAX item cache consistent with the underlying DynamoDB tables.
Query cache
DAX caches the results from Query and Scan requests in its query cache.
Query and Scan results don’t affect the item cache at all, as the result set is saved in the query cache – not in the item cache.
Writes to the Item cache don’t affect the Query cache
Item and Query cache has a default 5 minutes TTL setting.
DAX assigns a timestamp to every entry it writes to the cache. The entry expires if it has remained in the cache for longer than the TTL setting
DAX maintains an LRU list for both Item and Query cache. LRU list tracks the item addition and last read time. If the cache becomes full, DAX evicts older items (even if they haven’t expired yet) to make room for new entries
LRU algorithm is always enabled for both the item and query cache and is not user-configurable.
DynamoDB Accelerator Write Strategies
Write-Through
DAX item cache implements a write-through policy
For write operations, DAX ensures that the cached item is synchronized with the item as it exists in DynamoDB.
Write-Around
Write-around strategy reduces write latency
Ideal for bulk uploads or writing large quantities of data
Item cache doesn’t remain in sync with the data in DynamoDB.
DAX Encryption
DAX supports encryption at rest using AWS-owned keys.
Customer-managed KMS keys are NOT supported for DAX encryption at rest.
DAX supports encryption in transit using TLS.
All requests and responses between the application and the cluster are encrypted.
Connections can be authenticated by verification of a cluster x509 certificate.
DynamoDB Accelerator Scenarios
As an in-memory cache, DAX increases performance and reduces the response times of eventually consistent read workloads by an order of magnitude from single-digit milliseconds to microseconds.
DAX reduces operational and application complexity by providing a managed service that is API-compatible with DynamoDB. It requires only minimal functional changes to use with an existing application.
For read-heavy or bursty workloads, DAX provides increased throughput and potential operational cost savings by reducing the need to overprovision read capacity units.
Ideal use cases:
Gaming leaderboards processing millions of score lookups per second
E-commerce platforms serving product catalog data during flash sales
Financial applications requiring sub-millisecond trade data retrieval
Applications with repeated reads for individual keys
DAX Best Practices
Deploy DAX with at least three nodes across different Availability Zones for fault tolerance.
Scale out to up to 10 nodes for high-throughput workloads.
Use write-through strategy for consistency-critical applications.
Use write-around strategy for bulk uploads to reduce write latency.
Configure appropriate TTL settings based on data freshness requirements (default: 5 minutes).
Use AWS PrivateLink for private management API access from on-premises or other VPCs.
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
A company has setup an application in AWS that interacts with DynamoDB. DynamoDB is currently responding in milliseconds, but the application response guidelines require it to respond within microseconds. How can the performance of DynamoDB be further improved?
Use ElastiCache in front of DynamoDB
Use DynamoDB inbuilt caching
Use DynamoDB Accelerator
Use RDS with ElastiCache instead
A company needs to manage DAX clusters from their on-premises data center without exposing traffic to the public internet. Which feature should they use?
VPC gateway endpoint
Internet gateway with security groups
AWS PrivateLink for DAX
NAT gateway
What is the maximum number of nodes a DAX cluster can scale to?
3 nodes
5 nodes
10 nodes
Unlimited nodes
A company requires customer-managed KMS keys for encrypting all data at rest. Can they use DAX for their DynamoDB tables?
Yes, DAX supports customer-managed keys
No, DAX only supports AWS-owned keys for encryption at rest
Yes, but only for the item cache
Yes, but only for the query cache
Which write strategy should be used for bulk uploads to minimize write latency in DAX?
Write-around
Write-through
Write-back
Write-behind
Which of the following statements about DAX are correct? (Select THREE)
DAX supports AWS PrivateLink for management APIs
DAX caches strongly consistent reads
DAX can scale to 10 nodes for millions of requests per second
DAX supports customer-managed KMS keys
DAX provides microsecond response times for eventually consistent reads
What happens when a strongly consistent read request is made to DAX?
DAX returns the cached value
DAX passes the request through to DynamoDB without caching
DynamoDB table classes are designed to help you optimize for cost.
DynamoDB currently supports two table classes:
DynamoDB Standard table class is the default, and is recommended for the vast majority of workloads.
DynamoDB Standard-Infrequent Access (DynamoDB Standard-IA) table class which is optimized for tables where storage is the dominant cost. e.g., tables that store infrequently accessed data, such as application logs, old social media posts, e-commerce order history, and past gaming achievements.
Every DynamoDB table is associated with a table class.
All secondary indexes associated with the table use the same table class.
DynamoDB table class can be:
Set when creating the table (DynamoDB Standard by default), or
Updated for an existing table using the AWS Management Console, AWS CLI, or AWS SDK.
DynamoDB also supports managing the table class using AWS CloudFormation for single-region tables (tables that are not global tables).
Each table class offers different pricing for data storage as well as read and write requests.
You can select the most cost-effective table class for your table based on its storage and throughput usage patterns.
DynamoDB Standard Table Class
The default table class for all new tables.
Recommended for the vast majority of workloads.
Lower throughput costs than DynamoDB Standard-IA.
Most cost-effective option for tables where throughput is the dominant cost.
Use Cases:
Frequently accessed data with high read/write operations.
Real-time applications requiring low latency.
Tables with high throughput relative to storage.
Mission-critical workloads with continuous access patterns.
DynamoDB Standard-IA Table Class
Optimized for tables where storage is the dominant cost.
Storage costs: Approximately 60% lower than DynamoDB Standard ($0.10/GB vs. $0.25/GB).
Throughput costs: Approximately 25% higher than DynamoDB Standard for reads and writes.
Cost-Effective Threshold: When storage exceeds 50% of the throughput cost of a table using DynamoDB Standard, Standard-IA can help reduce total table cost.
Offers the same performance, durability, and availability as DynamoDB Standard tables.
Use Cases:
Application logs and audit trails.
Old social media posts or historical content.
E-commerce order history and past transactions.
Gaming achievements and historical player data.
Archived data with infrequent access.
Long-term data retention with occasional reads.
Pricing Comparison
Cost Component
DynamoDB Standard
DynamoDB Standard-IA
Difference
Storage
$0.25/GB
$0.10/GB
~60% lower
Read/Write Throughput
Lower cost
Higher cost
~25% higher
Best For
Throughput-dominant
Storage-dominant
–
Switching Between Table Classes
Table class can be updated at any time for existing tables.
No application code changes required – same DynamoDB APIs and service endpoints are used regardless of table class.
No downtime – table remains accessible during the table class update.
Table class update is a background process.
Update time depends on table traffic, storage size, and other variables.
Switching Limitation: No more than two table class updates are allowed in a 30-day trailing period.
All secondary indexes automatically use the same table class as the base table.
Feature Compatibility
DynamoDB Standard-IA tables are compatible with all existing DynamoDB features:
Analyze Historical Data: Use AWS Cost and Usage Reports and AWS Cost Explorer to review table’s historical storage and throughput costs.
Calculate Cost Ratio: Determine if storage cost exceeds 50% of total table cost.
Decision Criteria:
Choose Standard if:
Throughput (reads/writes) is the dominant cost.
Data is frequently accessed.
High read/write operations relative to storage.
Choose Standard-IA if:
Storage is the dominant cost (exceeds 50% of throughput cost).
Data is infrequently accessed.
Large storage with low read/write operations.
Monitor and Adjust: Review costs regularly and switch table classes if usage patterns change (within the 2 updates per 30 days limit).
Best Practices
Start with Standard: Use DynamoDB Standard for new tables until usage patterns are established.
Monitor Costs: Regularly review storage vs. throughput costs using Cost Explorer.
Use 50% Threshold: Switch to Standard-IA when storage exceeds 50% of throughput cost.
Consider Access Patterns: Standard-IA is ideal for archival and historical data with infrequent access.
Plan Switches Carefully: Remember the 2 updates per 30 days limitation.
Test Before Production: Validate cost savings in non-production environments first.
Document Decisions: Keep records of why specific table classes were chosen for future reference.
Automate Monitoring: Set up CloudWatch alarms for cost thresholds to identify optimization opportunities.
Limitations and Considerations
Switching Limit: Maximum of 2 table class updates per 30-day trailing period.
CloudFormation Support: Only for single-region tables (not global tables).
Index Inheritance: All indexes (GSIs and LSIs) automatically use the same table class as the base table.
Background Process: Table class updates are asynchronous and time varies based on table size and traffic.
Cost Analysis Required: Requires careful analysis of storage vs. throughput costs to determine optimal class.
No Partial Application: Cannot apply different table classes to different indexes on the same table.
AWS Certification Exam Practice Questions
Questions are collected from Internet and the answers are marked as per my knowledge and understanding (which might differ with yours).
AWS services are updated everyday and both the answers and questions might be outdated soon, so research accordingly.
AWS exam questions are not updated to keep up the pace with AWS updates, so even if the underlying feature has changed the question might not be updated
Open to further feedback, discussion and correction.
A company has a DynamoDB table storing 500 GB of application logs that are accessed once per month for compliance reporting. The table currently uses the Standard table class. What should they do to optimize costs?
Enable DynamoDB Auto Scaling.
Switch to DynamoDB Standard-IA table class.
Enable Time-to-Live (TTL) to delete old logs.
Switch to on-demand capacity mode.
A DynamoDB table has storage costs of $1,000/month and throughput costs of $800/month. Which table class would be most cost-effective?
DynamoDB Standard
DynamoDB Standard-IA (storage exceeds 50% of total cost)
Either class would have the same cost
Cannot determine without more information
A company wants to switch a table between Standard and Standard-IA classes multiple times to test cost optimization. What is the maximum number of switches allowed?
Unlimited switches
1 switch per 30 days
2 switches per 30-day trailing period
4 switches per 30 days
What happens to a DynamoDB table during a table class update?
The table is unavailable during the update.
Read operations are allowed but write operations are blocked.
The table remains fully accessible with no downtime.
The table is read-only during the update.
A company has a DynamoDB table with 3 Global Secondary Indexes (GSIs). They want to use Standard-IA for the base table but Standard for the GSIs. Is this possible?
Yes, each index can have a different table class.
No, all indexes automatically use the same table class as the base table.
Yes, but only for GSIs, not LSIs.
Yes, but requires manual configuration for each index.
Which of the following statements about DynamoDB Standard-IA are correct? (Select TWO)
Storage costs are approximately 60% lower than Standard.
Throughput costs are approximately 60% lower than Standard.
Read and write costs are approximately 25% higher than Standard.
supports MySQL, MariaDB, PostgreSQL, Oracle, Microsoft SQL Server, and the new, MySQL-compatible Amazon Aurora DB engine
as it is a managed service, shell (root ssh) access is not provided
manages backups, software patching, automatic failure detection, and recovery
supports use initiated manual backups and snapshots
daily automated backups with database transaction logs enables Point in Time recovery up to the last five minutes of database usage
snapshots are user-initiated storage volume snapshot of DB instance, backing up the entire DB instance and not just individual databases that can be restored as a independent RDS instance
RDS Security
support encryption at rest using KMS as well as encryption in transit using SSL endpoints
supports IAM database authentication, which prevents the need to store static user credentials in the database, because authentication is managed externally using IAM.
supports Encryption only during creation of an RDS DB instance
existing unencrypted DB cannot be encrypted and you need to create a snapshot, created a encrypted copy of the snapshot and restore as encrypted DB
supports Secret Manager for storing and rotating secrets
for encrypted database
logs, snapshots, backups, read replicas are all encrypted as well
cross region replicas and snapshots does not work across region (Note – this is possible now with latest AWS enhancement)
Multi-AZ deployment
provides high availability and automatic failover support and is NOT a scaling solution
maintains a synchronous standby replica in a different AZ
transaction success is returned only if the commit is successful both on the primary and the standby DB
Oracle, PostgreSQL, MySQL, and MariaDB DB instances use Amazon technology, while SQL Server DB instances use SQL Server Mirroring
snapshots and backups are taken from standby & eliminate I/O freezes
during automatic failover, its seamless and RDS switches to the standby instance and updates the DNS record to point to standby
failover can be forced with the Reboot with failover option
Read Replicas
uses the PostgreSQL, MySQL, and MariaDB DB engines’ built-in replication functionality to create a separate Read Only instance
updates are asynchronously copied to the Read Replica, and data might be stale
can help scale applications and reduce read only load
requires automatic backups enabled
replicates all databases in the source DB instance
for disaster recovery, can be promoted to a full fledged database
can be created in a different region for disaster recovery, migration and low latency across regions
can’t create encrypted read replicas from unencrypted DB or read replica
RDS does not support all the features of underlying databases, and if required the database instance can be launched on an EC2 instance
RDS Components
DB parameter groups contains engine configuration values that can be applied to one or more DB instances of the same instance type for e.g. SSL, max connections etc.
Default DB parameter group cannot be modified, create a custom one and attach to the DB
Supports static and dynamic parameters
changes to dynamic parameters are applied immediately (irrespective of apply immediately setting)
changes to static parameters are NOT applied immediately and require a manual reboot.
RDS Monitoring & Notification
integrates with CloudWatch and CloudTrail
CloudWatch provides metrics about CPU utilization from the hypervisor for a DB instance, and Enhanced Monitoring gathers its metrics from an agent on the instance
Performance Insights is a database performance tuning and monitoring feature that helps illustrate the database’s performance and help analyze any issues that affect it
supports RDS Event Notification which uses the SNS to provide notification when an RDS event like creation, deletion or snapshot creation etc occurs
is a relational database engine that combines the speed and reliability of high-end commercial databases with the simplicity and cost-effectiveness of open source databases
is a managed services and handles time-consuming tasks such as provisioning, patching, backup, recovery, failure detection and repair
is a proprietary technology from AWS (not open sourced)
provides PostgreSQL and MySQL compatibility
is “AWS cloud optimized” and claims 5x performance improvement
over MySQL on RDS, over 3x the performance of PostgreSQL on RDS
scales storage automatically in increments of 10GB, up to 64 TB with no impact to database performance. Storage is striped across 100s of volumes.
no need to provision storage in advance.
provides self-healing storage. Data blocks and disks are continuously scanned for errors and repaired automatically.
provides instantaneous failover
replicates each chunk of my the database volume six ways across three Availability Zones i.e. 6 copies of the data across 3 AZ
requires 4 copies out of 6 needed for writes
requires 3 copies out of 6 need for reads
costs more than RDS (20% more) – but is more efficient
Read Replicas
can have 15 replicas while MySQL has 5, and the replication process is faster (sub 10 ms replica lag)
share the same data volume as the primary instance in the same AWS Region, there is virtually no replication lag
supports Automated failover for master in less than 30 seconds
supports Cross Region Replication using either physical or logical replication.
Security
supports Encryption at rest using KMS
supports Encryption in flight using SSL (same process as MySQL or Postgres)
Automated backups, snapshots and replicas are also encrypted
Possibility to authenticate using IAM token (same method as RDS)
supports protecting the instance with security groups
does not support SSH access to the underlying servers
allows a single Aurora database to span multiple AWS regions.
provides Physical replication, which uses dedicated infrastructure that leaves the databases entirely available to serve the application
supports 1 Primary Region (read / write)
replicates across up to 5 secondary (read-only) regions, replication lag is less than 1 second
supports up to 16 Read Replicas per secondary region
recommended for low-latency global reads and disaster recovery with an RTO of < 1 minute
failover is not automated and if the primary region becomes unavailable, a secondary region can be manually removed from an Aurora Global Database and promote it to take full reads and writes. Application needs to be updated to point to the newly promoted region.
Backtracking “rewinds” the DB cluster to the specified time
Backtracking performs in place restore and does not create a new instance. There is a minimal downtime associated with it.
Aurora Clone feature allows quick and cost-effective creation of Aurora Cluster duplicates
supports parallel or distributed query using Aurora Parallel Query, which refers to the ability to push down and distribute the computational load of a single query across thousands of CPUs in Aurora’s storage layer.
DynamoDB Global Tables provide multi-master, cross-region replication capability of DynamoDB to support data access locality and regional fault tolerance for database workloads.
DynamoDB Streams provides a time-ordered sequence of item-level changes made to data in a table
enables a per-item timestamp to determine when an item expiry
expired items are deleted from the table without consuming any write throughput.
DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.
allows identical copies (called replicas) of a DynamoDB table (called master table) to be maintained in one or more AWS regions.
using DynamoDB streams which leverages Kinesis and provides time-ordered sequence of item-level changes and can help for lower RPO, lower RTO disaster recovery
DynamoDB Triggers (just like database triggers) are a feature that allows the execution of custom actions based on item-level updates on a table.
VPC Gateway Endpoints provide private access to DynamoDB from within a VPC without the need for an internet gateway or NAT gateway.
managed web service that provides in-memory caching to deploy and run Memcached or Redis protocol-compliant cache clusters
ElastiCache with Redis,
like RDS, supports Multi-AZ, Read Replicas and Snapshots
Read Replicas are created across AZ within same region using Redis’s asynchronous replication technology
Multi-AZ differs from RDS as there is no standby, but if the primary goes down a Read Replica is promoted as primary
Read Replicas cannot span across regions, as RDS supports
cannot be scaled out and if scaled up cannot be scaled down
allows snapshots for backup and restore
AOF can be enabled for recovery scenarios, to recover the data in case the node fails or service crashes. But it does not help in case the underlying hardware fails
Enabling Redis Multi-AZ as a Better Approach to Fault Tolerance
ElastiCache with Memcached
can be scaled up by increasing size and scaled out by adding nodes
nodes can span across multiple AZs within the same region
cached data is spread across the nodes, and a node failure will always result in some data loss from the cluster
supports auto discovery
every node should be homogenous and of same instance type
ElastiCache Redis vs Memcached
complex data objects vs simple key value storage
persistent vs non persistent, pure caching
automatic failover with Multi-AZ vs Multi-AZ not supported
scaling using Read Replicas vs using multiple nodes
backup & restore supported vs not supported
can be used state management to keep the web application stateless
fully managed, fast and powerful, petabyte scale data warehouse service
uses replication and continuous backups to enhance availability and improve data durability and can automatically recover from node and component failures
provides Massive Parallel Processing (MPP) by distributing & parallelizing queries across multiple physical resources
columnar data storage improving query performance and allowing advance compression techniques
only supports Single-AZ deployments and the nodes are available within the same AZ, if the AZ supports Redshift clusters
