AWS DynamoDB Advanced Features
- DynamoDB Secondary indexes on a table allow efficient access to data with attributes other than the primary key.
- DynamoDB Time to Live – TTL enables a per-item timestamp to determine when an item is no longer needed.
- DynamoDB Global Tables is a fully managed, multi-active, cross-region replication capability of DynamoDB to support data access locality and regional fault tolerance for database workloads.
- DynamoDB Streams provides a time-ordered sequence of item-level changes made to data in a table.
- DynamoDB Triggers (just like database triggers) are a feature that allows the execution of custom actions based on item-level updates on a table.
- DynamoDB Accelerator – DAX is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from ms to µs – even at millions of requests per second.
- DynamoDB Zero-ETL Integrations provide seamless data replication to analytics services like Amazon Redshift, Amazon OpenSearch Service, and Amazon SageMaker Lakehouse without building ETL pipelines.
- VPC Gateway Endpoints provide private access to DynamoDB from within a VPC without the need for an internet gateway or NAT gateway.
- DynamoDB Warm Throughput provides visibility into the throughput your tables and indexes can instantly support and allows pre-warming for anticipated traffic spikes.
DynamoDB Secondary Indexes
- DynamoDB Secondary indexes on a table allow efficient access to data with attributes other than the primary key.
- Global secondary index – an index with a partition key and a sort key that can be different from those on the base table.
- Local secondary index – an index that has the same partition key as the base table, but a different sort key.
DynamoDB TTL
- DynamoDB Time to Live (TTL) enables a per-item timestamp to determine when an item is no longer needed.
- After the date and time of the specified timestamp, DynamoDB deletes the item from the table without consuming any write throughput.
- DynamoDB TTL is provided at no extra cost and can help reduce data storage by retaining only required data.
- Items that are deleted from the table are also removed from any local secondary index and global secondary index in the same way as a DeleteItem operation.
- DynamoDB typically deletes expired items within a few days of their expiration. Items with valid, expired TTL attributes may still be updated, including changing or removing their TTL attributes, while pending deletion.
- DynamoDB Stream tracks the delete operation as a system delete and not a regular delete.
- TTL is useful if the stored items lose relevance after a specific time, for example:
  - Remove user or sensor data after a year of inactivity in an application.
  - Archive expired items to an S3 data lake via DynamoDB Streams and AWS Lambda.
  - Retain sensitive data for a certain amount of time according to contractual or regulatory obligations.
DynamoDB Global Tables
- DynamoDB Global Tables is a fully managed, serverless, multi-active, cross-region replication capability of DynamoDB to support data access locality and regional fault tolerance for database workloads.
- Applications can perform reads and writes to DynamoDB in AWS regions around the world, with changes in any region propagated to every region where a table is replicated.
- Global Tables help in building applications to take advantage of data locality to reduce overall latency.
- Global Tables provides up to 99.999% availability and increased application resiliency.
- Global Tables uses the Last Write Wins approach for conflict resolution.
- Global Tables requires DynamoDB streams enabled with New and Old image settings.
- Global Tables supports both same-account and multi-account replication models (multi-account GA Feb 2026).
Global Tables – Multi-Region Strong Consistency (MRSC)
- DynamoDB Global Tables now supports Multi-Region Strong Consistency (MRSC), generally available as of June 2025.
- MRSC enables applications to always read the latest data from any Region, achieving zero Recovery Point Objective (RPO).
- Provides the highest level of application resilience, removing the need to manage strongly consistent replication manually.
- Ideal for global applications with strict consistency requirements such as user profile management, inventory tracking, and financial transaction processing.
- Available in: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland, London, Paris, Frankfurt), Asia Pacific (Tokyo, Seoul, Osaka).
- Note: Global tables configured for MRSC do not support the multi-account model.
Global Tables – Multi-Region Eventual Consistency (MREC)
- Default replication mode providing eventual consistency for cross-region reads.
- Supports strong consistency for same-region reads.
- Supports both same-account and multi-account replication models.
Global Tables – Multi-Account Replication
- DynamoDB Global Tables now supports replication across multiple AWS accounts (GA Feb 2026).
- Adds account-level isolation for stronger resiliency and limits the impact of misconfigurations, security incidents, or account-level issues.
- Multi-account global tables replicate data across AWS Regions and accounts, providing the same active-active functionality as same-account global tables.
- Both models support multi-Region writes, asynchronous replication, last-writer-wins conflict resolution, and the same billing model.
- They differ in how accounts, permissions, encryption, and table governance are managed.
- Multi-account global tables support only Multi-Region Eventual Consistency (MREC), not MRSC.
Global Tables – Pricing (Nov 2024 Update)
- Effective November 1, 2024, DynamoDB reduced global tables pricing by up to 67% for on-demand tables (replicated write pricing).
- For provisioned capacity tables, replicated write pricing was reduced by 33%.
- After the price reduction, replicated write cost (rWCU/rWRU) is now priced identically to standard single-region WCU/WRU.
Global Tables – AWS FIS Integration
- DynamoDB supports an AWS Fault Injection Service (FIS) action to pause global table replication (April 2024).
- Enables simulation and observation of application response to Regional replication pauses.
- Helps fine-tune monitoring and recovery processes for improved resiliency and availability.
DynamoDB Streams
- DynamoDB Streams provides a time-ordered sequence of item-level changes made to data in a table.
- DynamoDB Streams stores the data for the last 24 hours, after which they are erased.
- DynamoDB Streams maintains an ordered sequence of events per item; however, ordering across items is not maintained.
- Example
  - Suppose that you have a DynamoDB table tracking high scores for a game and that each item in the table represents an individual player. If you make the following three updates in this order:
    - Update 1: Change Player 1’s high score to 100 points
    - Update 2: Change Player 2’s high score to 50 points
    - Update 3: Change Player 1’s high score to 125 points
  - DynamoDB Streams will maintain the order of the Player 1 score events. However, it does not maintain order across players, so the Player 2 score event is not guaranteed to appear between the two Player 1 events.
- DynamoDB Streams APIs help developers consume updates and receive the item-level data before and after items are changed.
- DynamoDB Streams allow reads at up to twice the rate of the provisioned write capacity of the DynamoDB table.
- DynamoDB Streams have to be enabled on a per-table basis.
- DynamoDB streams support Encryption at rest to encrypt the data.
- DynamoDB Streams is designed for No Duplicates so that every update made to the table will be represented exactly once in the stream.
- DynamoDB Streams writes stream records in near-real time so that applications can consume these streams and take action based on the contents.
- DynamoDB streams can be used for multi-region replication to keep other data stores up-to-date with the latest changes to DynamoDB or to take actions based on the changes made to the table
- DynamoDB stream records can be processed using Kinesis Data Streams, Lambda, KCL application, or Amazon Managed Service for Apache Flink.
- DynamoDB Streams now supports resource-based policies (March 2024), enabling cross-account stream access without complex IAM role configurations.
- DynamoDB Streams supports AWS PrivateLink interface endpoints (December 2024), enabling private access to streams over private IP addresses within a VPC.
DynamoDB Streams vs Kinesis Data Streams for DynamoDB
- DynamoDB offers two streaming models for change data capture (CDC):
- DynamoDB Streams – Built-in, 24-hour retention, tightly integrated with DynamoDB, ideal for Lambda triggers and event-driven architectures.
- Kinesis Data Streams for DynamoDB – More flexible retention (up to 365 days), higher throughput, supports multiple consumers, ideal for complex downstream processing pipelines.
- Kinesis Data Streams captures item-level modifications and replicates them to a Kinesis data stream, allowing continuous capture and storage of terabytes of data per hour.
- Choose DynamoDB Streams for simpler use cases (Lambda triggers, Global Tables). Choose Kinesis Data Streams for higher throughput, longer retention, or multiple consumers.
DynamoDB Triggers
- DynamoDB Triggers (just like database triggers) are a feature that allows the execution of custom actions based on item-level updates on a table.
- DynamoDB triggers can be used in scenarios like sending notifications, updating an aggregate table, and connecting DynamoDB tables to other data sources.
- DynamoDB Trigger flow
- Custom logic for a DynamoDB trigger is stored in an AWS Lambda function as code.
- A trigger for a given table can be created by associating an AWS Lambda function to the stream (via DynamoDB Streams) on a table.
- When the table is updated, the updates are published to DynamoDB Streams.
- In turn, AWS Lambda reads the updates from the associated stream and executes the code in the function.
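The trigger flow above, combined with the TTL notes on system deletes and archiving, as an added example (not code from AWS or from this page): a Lambda-style handler that separates TTL expiries from user deletes in a stream event. The `archive` callable, the `SensorId` attributes and the sample event are constructed for illustration; TTL deletes are recognised by the `userIdentity` field, which DynamoDB sets to the `dynamodb.amazonaws.com` service principal.

```python
TTL_PRINCIPAL = "dynamodb.amazonaws.com"  # service principal recorded on TTL deletes


def is_ttl_delete(record):
    """True for a TTL (system) delete, False for a user-issued DeleteItem."""
    identity = record.get("userIdentity") or {}
    return (
        record.get("eventName") == "REMOVE"
        and identity.get("type") == "Service"
        and identity.get("principalId") == TTL_PRINCIPAL
    )


def handler(event, context=None, archive=print):
    """Lambda entry point for the stream trigger.

    `archive` is a hypothetical sink (for example a wrapper around an S3 put);
    it receives the expired item's keys and its last stored image.
    """
    summary = {"upsert": 0, "user_delete": 0, "ttl_archived": 0, "ttl_no_image": 0}
    for record in event.get("Records", []):
        change = record.get("dynamodb", {})
        if record.get("eventName") != "REMOVE":
            summary["upsert"] += 1        # INSERT or MODIFY
        elif not is_ttl_delete(record):
            summary["user_delete"] += 1   # regular delete: nothing to archive
        elif "OldImage" not in change:
            # Stream view type is KEYS_ONLY or NEW_IMAGE: the expired item's
            # attributes are gone, so count it instead of archiving an empty record.
            summary["ttl_no_image"] += 1
        else:
            archive({"keys": change["Keys"], "item": change["OldImage"]})
            summary["ttl_archived"] += 1
    return summary


# Constructed sample event in the DynamoDB Streams record format.
SAMPLE_EVENT = {"Records": [
    {"eventName": "MODIFY",
     "dynamodb": {"Keys": {"SensorId": {"S": "s-01"}},
                  "NewImage": {"SensorId": {"S": "s-01"}, "Temp": {"N": "21"}}}},
    {"eventName": "REMOVE",
     "userIdentity": {"type": "Service", "principalId": TTL_PRINCIPAL},
     "dynamodb": {"Keys": {"SensorId": {"S": "s-17"}},
                  "OldImage": {"SensorId": {"S": "s-17"},
                               "ExpiresAt": {"N": "1700000000"}}}},
    {"eventName": "REMOVE",
     "dynamodb": {"Keys": {"SensorId": {"S": "s-02"}},
                  "OldImage": {"SensorId": {"S": "s-02"}}}},
    {"eventName": "REMOVE",
     "userIdentity": {"type": "Service", "principalId": TTL_PRINCIPAL},
     "dynamodb": {"Keys": {"SensorId": {"S": "s-18"}}}},
]}

if __name__ == "__main__":
    archived = []
    print(handler(SAMPLE_EVENT, archive=archived.append), archived)
```

A non-zero `ttl_no_image` count means the stream's view type does not carry the old image, so expired items cannot be archived from the stream.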
DynamoDB Backup and Restore
- DynamoDB on-demand backup helps create full backups of the tables for long-term retention, and archiving for regulatory compliance needs.
- Backup and restore actions run with no impact on table performance or availability.
- Backups are preserved regardless of table deletion and retained until they are explicitly deleted.
- On-demand backups are cataloged, and discoverable.
- On-demand backups can be created using
  - DynamoDB
    - DynamoDB on-demand backups cannot be copied to a different account or Region.
  - AWS Backup (Recommended)
    - is a fully managed data protection service that makes it easy to centralize and automate backups across AWS services, in the cloud, and on-premises.
    - provides enhanced backup features:
      - can configure backup schedules and policies, and monitor activity for the AWS resources and on-premises workloads in one place.
      - can copy the on-demand backups across AWS accounts and Regions.
      - can encrypt backups using an AWS KMS key that is independent of the DynamoDB table encryption key.
      - can apply a write-once-read-many (WORM) setting for the backups using the AWS Backup Vault Lock policy.
      - can add cost allocation tags to on-demand backups.
      - can transition on-demand backups to cold storage for lower costs.
DynamoDB PITR – Point-In-Time Recovery
- DynamoDB point-in-time recovery – PITR enables automatic, continuous, incremental backup of the table with per-second granularity.
- PITR helps protect against accidental writes and deletes.
- PITR can back up tables with hundreds of terabytes of data with no impact on the performance or availability of the production applications.
- PITR-enabled tables that were deleted can be recovered in the preceding 35 days and restored to their state just before they were deleted.
- Configurable Recovery Period (Jan 2025): PITR now supports configurable recovery periods. You can set the PITR period for each table between 1 and 35 days (default remains 35 days). This helps meet data compliance and regulatory requirements that need shorter retention periods.
- Shortening the RecoveryPeriodInDays has no impact on PITR pricing because the price is based on the size of the table and local secondary indexes.
DynamoDB Table Deletion Protection
- DynamoDB supports table deletion protection (March 2023) to prevent accidental deletion during regular maintenance operations.
- When deletion protection is enabled, the table cannot be deleted via the AWS Management Console, AWS CLI, or API calls unless the feature is explicitly disabled first.
- Authorized administrators can set the deletion protection property when creating new tables or managing existing tables.
- Complements other protection strategies like IAM policies, CloudFormation deletion policies, and PITR.
DynamoDB Import and Export
Export to S3
- DynamoDB supports full and incremental exports to Amazon S3 from tables with PITR enabled.
- Full Export: Exports the complete table data at any point in time within the PITR recovery window.
- Incremental Export (Sep 2023): Exports only data that was inserted, updated, or deleted between two specified points in time. Enables efficient CDC pipelines without full table exports.
- Exports do not affect the read capacity or availability of the table.
- Data can be exported in DynamoDB JSON or Amazon Ion format.
- Exports support per-second granularity for any point in time in the last 35 days (configurable with the PITR recovery period).
Import from S3
- DynamoDB Import allows importing data from an Amazon S3 bucket to a new DynamoDB table.
- Supports up to 50,000 S3 objects in a single bulk import (increased from previous limits in March 2024).
- Removes the need to consolidate S3 objects prior to running a bulk import.
DynamoDB Zero-ETL Integrations
- DynamoDB offers zero-ETL integrations that seamlessly replicate data to analytics services without building or managing ETL pipelines.
Zero-ETL with Amazon Redshift (GA Oct 2024)
- Automatically replicates DynamoDB tables into Amazon Redshift within minutes of data being written.
- Enables SQL queries and analytics on DynamoDB data without complex ETL processes.
- Supports Amazon Redshift Serverless workgroups or provisioned clusters using RA3 instance types.
- Data replication begins within a few minutes of changes being written to DynamoDB.
Zero-ETL with Amazon OpenSearch Service (GA Jul 2024)
- Provides near real-time data replication from DynamoDB to OpenSearch Service using the DynamoDB plugin for OpenSearch Ingestion.
- Uses DynamoDB export to S3 for initial snapshot loading, then DynamoDB Streams for real-time change replication.
- Enables powerful full-text search, vector search, and complex analytics on DynamoDB data.
- Fully managed, code-free solution for seamless data synchronization.
Zero-ETL with Amazon SageMaker Lakehouse (Dec 2024)
- Automates extracting and loading data from DynamoDB tables into SageMaker Lakehouse.
- Enables analytics and ML workloads using integrated access control and Apache Iceberg for data interoperability.
Zero-ETL with Amazon S3 Tables (Jul 2025)
- AWS Glue supports zero-ETL integrations from DynamoDB to S3 Table-backed data lakes.
- Efficiently extracts and loads data for analysis in S3 Tables.
DynamoDB Warm Throughput
- DynamoDB warm throughput (November 2024) provides visibility into the number of read and write operations your tables and indexes can readily handle.
- Pre-warming allows proactively increasing the warm throughput value to meet anticipated future traffic demands.
- Warm throughput values are available for all provisioned and on-demand tables and indexes at no cost.
- Pre-warming your table’s throughput incurs a charge.
- Warm throughput is not a maximum limit; it represents a minimum throughput the table can handle instantly.
- DynamoDB dynamically increases warm throughput as applications grow, offering consistent performance at any scale.
- Ideal for anticipated traffic spikes such as product launches, flash sales, or planned events.
- Pre-warming is an asynchronous operation; you can carry out other table updates while pre-warming is in progress.
DynamoDB Configurable Maximum Throughput
- DynamoDB supports configurable maximum throughput for on-demand tables (May 2024).
- Allows optionally setting maximum read or write (or both) throughput for individual on-demand tables and associated secondary indexes.
- Requests exceeding the maximum throughput are automatically throttled.
- Provides predictable cost management and protection against accidental surging in consumed resources.
- Safeguards downstream services with fixed capacity from potential overloading.
- Maximum throughput values can be modified as needed based on application requirements.
DynamoDB Accelerator – DAX
- DynamoDB Accelerator (DAX) is a fully managed, highly available, in-memory cache for DynamoDB that delivers up to a 10x performance improvement – from milliseconds to microseconds – even at millions of requests per second.
- DAX is intended for high-performance read applications. As a write-through cache, DAX writes directly so that the writes are immediately reflected in the item cache.
- DAX, as a managed service, handles the cache invalidation, data population, and cluster management.
- DAX is API-compatible with DynamoDB. Therefore, it requires only minimal functional changes to use with an existing application.
- DAX saves costs by reducing the read load (RCU) on DynamoDB.
- DAX helps prevent hot partitions.
- DAX only supports eventual consistency, and strong consistency requests are passed through to DynamoDB.
- DAX is fault-tolerant and scalable.
- A DAX cluster has a primary node and zero or more read-replica nodes. If the primary node fails, DAX automatically fails over and elects a new primary. To scale, add or remove read replicas.
- DAX supports server-side encryption.
- DAX also supports encryption in transit, ensuring that all requests and responses between the application and the cluster are encrypted by TLS, and connections to the cluster can be authenticated by verification of a cluster x509 certificate.
- DAX now supports R7i instances (April 2025), powered by 4th Gen Intel Xeon Scalable processors, with instance sizes up to 24xlarge and DDR5 memory.
- DAX now supports AWS PrivateLink (October 2025), enabling secure access to DAX management APIs (CreateCluster, DescribeClusters, DeleteCluster) over private IP addresses within a VPC.
- DAX SDK for JavaScript version 3 is now available (March 2025).

DynamoDB Security Features
Resource-Based Policies (March 2024)
- DynamoDB supports resource-based policies for tables, indexes, and streams.
- Allows specifying IAM principals and their permitted actions directly on DynamoDB resources.
- Simplifies cross-account access control without requiring complex IAM role assumptions.
- Integrates with AWS IAM Access Analyzer and Block Public Access capabilities.
- Available in all AWS commercial Regions and GovCloud at no additional cost.
Attribute-Based Access Control – ABAC (Nov 2024 GA)
- DynamoDB supports ABAC for tables and indexes.
- ABAC defines access permissions based on tags attached to users, roles, and AWS resources.
- Uses tag-based conditions in IAM policies to allow or deny specific actions.
- Automatically applies tag-based permissions to new employees and changing resource structures without rewriting policies.
AWS PrivateLink (March 2024)
- DynamoDB supports AWS PrivateLink (Interface VPC Endpoints) for private connectivity without public IP addresses.
- Compatible with AWS Direct Connect and AWS VPN for end-to-end private network connectivity.
- Eliminates the need for internet gateway or firewall rule configuration for DynamoDB access from on-premises.
- Supports FIPS 140-3 compliant interface VPC endpoints and Streams endpoints (Dec 2024).
VPC Endpoints
- DynamoDB supports both Gateway endpoints and Interface endpoints (PrivateLink):
- Gateway Endpoints: Free, adds route table entries to direct traffic to DynamoDB. Ideal for VPC-to-DynamoDB access with no additional cost.
- Interface Endpoints (PrivateLink): Creates an ENI with private IP. Supports Direct Connect and VPN. Has per-hour and per-GB costs. Ideal for on-premises-to-DynamoDB access.
- VPC Gateway endpoints for DynamoDB improve privacy and security, especially for sensitive workloads with compliance and audit requirements, by enabling private access to DynamoDB from within a VPC without the need for an internet gateway or NAT gateway.
- VPC endpoints for DynamoDB support IAM policies to simplify DynamoDB access control, where access can be restricted to a specific VPC endpoint.
- VPC endpoints can be created only for Amazon DynamoDB tables in the same AWS Region as the VPC.
- DynamoDB Streams can be accessed using Interface endpoints (PrivateLink) only, not Gateway endpoints.
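One way to check the endpoint restriction described above, as an added example (not AWS tooling or code from this page): a narrow lint that confirms an IAM policy denies DynamoDB access to a table unless the request arrives through an approved VPC endpoint, using the `aws:sourceVpce` condition key. The table ARN, endpoint IDs and the three sample policies are constructed, and the check recognises only this one Deny pattern rather than evaluating IAM policies in general.

```python
def _as_list(value):
    """IAM accepts a bare string wherever a list is allowed."""
    return value if isinstance(value, list) else [value]


def exempted_endpoints(policy, table_arn):
    """Endpoint IDs that pass every qualifying Deny statement, or None when no
    statement denies all DynamoDB actions on `table_arn` by source endpoint."""
    exempt = None
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        if not any(a in ("*", "dynamodb:*") for a in _as_list(stmt.get("Action", []))):
            continue
        if not any(r in ("*", table_arn) for r in _as_list(stmt.get("Resource", []))):
            continue
        cond = stmt.get("Condition", {})
        # Any extra operator or key narrows the Deny, so only the exact
        # single-key pattern counts as a restriction.
        if list(cond) != ["StringNotEquals"] or len(cond["StringNotEquals"]) != 1:
            continue
        (key, value), = cond["StringNotEquals"].items()
        if key.lower() != "aws:sourcevpce":  # condition keys are case-insensitive
            continue
        ids = set(_as_list(value))
        # Each Deny applies on its own, so only IDs exempted by all of them pass.
        exempt = ids if exempt is None else exempt & ids
    return exempt


def audit(policy, table_arn, approved):
    """Return a finding, or None when access is pinned to approved endpoints."""
    exempt = exempted_endpoints(policy, table_arn)
    if exempt is None:
        return "no Deny statement restricts DynamoDB access by aws:sourceVpce"
    extra = exempt - set(approved)
    if extra:
        return "unapproved endpoints exempted: " + ", ".join(sorted(extra))
    return None


# Constructed sample data: table ARN, endpoint IDs and policies are placeholders.
TABLE_ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/Orders"
APPROVED = {"vpce-11111111"}
ALLOW = {"Effect": "Allow", "Action": ["dynamodb:GetItem", "dynamodb:Query"],
         "Resource": TABLE_ARN}


def deny_outside(endpoints):
    """Deny every DynamoDB action that does not arrive through `endpoints`."""
    return {"Effect": "Deny", "Action": "dynamodb:*", "Resource": TABLE_ARN,
            "Condition": {"StringNotEquals": {"aws:sourceVpce": endpoints}}}


WEAK = {"Version": "2012-10-17", "Statement": [ALLOW]}  # no endpoint restriction
HARDENED = {"Version": "2012-10-17",
            "Statement": [ALLOW, deny_outside("vpce-11111111")]}
DRIFTED = {"Version": "2012-10-17",
           "Statement": [ALLOW, deny_outside(["vpce-11111111", "vpce-22222222"])]}

if __name__ == "__main__":
    for name, policy in (("weak", WEAK), ("hardened", HARDENED), ("drifted", DRIFTED)):
        print(name, "->", audit(policy, TABLE_ARN, APPROVED) or "ok")
```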

DynamoDB Pricing Updates (Nov 2024)
- Effective November 1, 2024, DynamoDB reduced on-demand throughput pricing by 50%.
- Global tables pricing reduced by up to 67% for on-demand and 33% for provisioned.
- DynamoDB offers two table classes:
- DynamoDB Standard: Default table class, optimized for balanced throughput and storage costs.
- DynamoDB Standard-IA: Reduces storage costs by up to 60% ($0.10/GB vs $0.25/GB) for infrequently accessed data. Higher read/write costs (~25% higher).
- Standard-IA is ideal when storage is the dominant cost and access patterns are infrequent.
AWS Certification Exam Practice Questions
- Questions are collected from the Internet and the answers are marked as per my knowledge and understanding (which might differ from yours).
- AWS services are updated every day and both the answers and questions might be outdated soon, so research accordingly.
- AWS exam questions are not updated to keep pace with AWS updates, so even if the underlying feature has changed, the question might not be updated.
- Open to further feedback, discussion and correction.
- What are the services supported by VPC endpoints, using Gateway endpoint type? Choose 2 answers
  - Amazon S3
  - Amazon EFS
  - Amazon DynamoDB
  - Amazon Glacier
  - Amazon SQS
- A company has set up an application in AWS that interacts with DynamoDB. DynamoDB is currently responding in milliseconds, but the application response guidelines require it to respond within microseconds. How can the performance of DynamoDB be further improved? [SAA-C01]
  - Use ElastiCache in front of DynamoDB
  - Use DynamoDB inbuilt caching
  - Use DynamoDB Accelerator
  - Use RDS with ElastiCache instead
- A company runs a global application that requires strong consistency for reads across all regions. Which DynamoDB feature should be used?
  - DynamoDB Streams with Lambda replication
  - DynamoDB Global Tables with eventual consistency
  - DynamoDB Global Tables with Multi-Region Strong Consistency (MRSC)
  - DynamoDB with ElastiCache in each region
- A company needs to run analytics on DynamoDB data using SQL queries without building ETL pipelines. Which solution requires the least operational overhead?
  - Export DynamoDB to S3 and query with Athena
  - Use DynamoDB Streams to replicate to Aurora
  - Use DynamoDB zero-ETL integration with Amazon Redshift
  - Use AWS Glue to copy data to Redshift nightly
- A company anticipates a major traffic spike during a product launch and wants to ensure their DynamoDB on-demand table can handle the increased load immediately. What feature should they use?
  - Switch to provisioned capacity mode
  - Enable DynamoDB Auto Scaling
  - Pre-warm the table using warm throughput
  - Add a DAX cluster
- A company needs to grant a partner account access to specific DynamoDB tables without creating IAM roles in the partner account. What is the most efficient approach?
  - Create a cross-account IAM role
  - Use DynamoDB resource-based policies
  - Share tables using AWS RAM
  - Replicate data to the partner account
- A company wants to configure DynamoDB PITR with a 7-day recovery window to comply with data minimization regulations. Is this possible?
  - No, PITR always retains 35 days of backups
  - Yes, PITR now supports configurable recovery periods between 1-35 days
  - No, you must use on-demand backups for shorter retention
  - Yes, but only with AWS Backup
- Which DynamoDB streaming option provides retention of up to 365 days and supports multiple consumers? [SAA-C03]
  - DynamoDB Streams
  - Kinesis Data Streams for DynamoDB
  - DynamoDB Triggers
  - Amazon EventBridge