Medium

Connections towards DynamoDB should be via VPC endpoints

Security & Compliance
No items found.
Description

Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability. When creating an Amazon DynamoDB table, it is recommended to use a Virtual Private Cloud (VPC) endpoint for accessing the table. By default, Amazon DynamoDB endpoints are publicly accessible. This may lead to security risks, such as unauthorized access, data breaches, or malicious activities. To ensure security, all connections to Amazon DynamoDB tables should be through VPC endpoints, which ensures that traffic to the table stays within the VPC and does not go over the public internet.‍

Remediation

To remediate the issue of allowing connections towards DynamoDB outside the VPC, you can follow the below steps:

  1. Create a new VPC Endpoint for DynamoDB.
  2. Modify the routing table for your Amazon VPC to ensure that traffic to DynamoDB endpoints is routed through the endpoint.
  3. Modify the security group rules to allow traffic to and from the endpoint.
  4. Update your application to use the VPC endpoint instead of the public endpoint.
  5. Verify that you can access DynamoDB from your application using the VPC endpoint.
  6. Test thoroughly to ensure that the application continues to function correctly after the changes.

By following the above steps, you can ensure that all connections to DynamoDB are made via VPC endpoints, thereby securing your data and reducing the risk of unauthorized access.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.

Step into the Future of SecOps