Amazon DynamoDB
Developer Guide (API Version 2012-08-10)

CloudWatch Contributor Insights for DynamoDB: How It Works

CloudWatch Contributor Insights for DynamoDB is in preview release for Amazon DynamoDB and is subject to change.

Amazon DynamoDB integrates with Amazon CloudWatch Contributor Insights to provide information about the most accessed and throttled items in a table or global secondary index. DynamoDB delivers this information to you via CloudWatch Contributor Insights rules, reports, and graphs of report data.

For more information about CloudWatch Contributor Insights, see Using Contributor Insights to Analyze High-Cardinality Data in the Amazon CloudWatch User Guide.

The following sections describe the core concepts and behavior of CloudWatch Contributor Insights for DynamoDB.

CloudWatch Contributor Insights for DynamoDB Rules

When you enable CloudWatch Contributor Insights for DynamoDB on a table or global secondary index, DynamoDB creates the following rules on your behalf:

  • Most accessed items (partition key) : Identifies the partition keys of the most accessed items in your table or global secondary index.

    CloudWatch rule name format : DynamoDBContributorInsights-PKC-[resource_name]-[creationtimestamp]

  • Most throttled keys (partition key): Identifies the partition keys of the most throttled items in your table or global secondary index.

    CloudWatch rule name format: DynamoDBContributorInsights-PKT-[resource_name]-[creationtimestamp]

If your table or global secondary index has a sort key, DynamoDB also creates the following rules specific to sort keys:

  • Most accessed keys (partition and sort keys): Identifies the partition and sort keys of the most accessed items in your table or global secondary index.

    CloudWatch rule name format: DynamoDBContributorInsights-SKC-[resource_name]-[creationtimestamp]

  • Most throttled keys (partition and sort keys): Identifies the partition and sort keys of the most throttled items in your table or global secondary index

    CloudWatch rule name format: DynamoDBContributorInsights-SKT-[resource_name]-[creationtimestamp]

Note

  • You cannot use the CloudWatch console or APIs to directly modify or delete the rules created by CloudWatch Contributor Insights for DynamoDB. Disabling CloudWatch Contributor Insights for DynamoDB on a table or global secondary index automatically deletes the rules created for that table or global secondary index

  • When you use GetInsightRuleReport operation with CloudWatch Contributor Insights rules that are created by DynamoDB, only MaxContributorValue and Maximum return useful statistics. The other statistics in this list do not return meaningful values.

Understanding CloudWatch Contributor Insights for DynamoDB Graphs

CloudWatch Contributor Insights for DynamoDB displays two types of graphs in the DynamoDB console and CloudWatch console.

  • Most Accessed Items

    Use this graph to identify the most accessed items in the table or global secondary index. The graph displays ConsumedThroughputUnits on the y-axis and time on the x-axis. Each of the top N keys is displayed in its own color, with a legend displayed below the x-axis.

    DynamoDB measures key access frequency by using ConsumedThroughputUnits, which measures combined read and write traffic. ConsumedThroughputUnits is defined as the following:

    • Provisioned: (3 x Consumed Write Capacity Units) + Consumed Read Capacity Units.

    • On-Demand: (3 x Write request Units) + Read Request Units.

    In the DynamoDB console, each data point in the graph represents the maximum of ConsumedThroughputUnits over a five-minute period. For example, a graph value of 180,000 ConsumedThroughputUnits indicates that the item was accessed continuously at the per-item maximum throughput of 1,000 write request units or 3,000 read request units for a 60-second span within that five-minute period (3,000 x 60 seconds). In other words, the graphed values represent the highest-traffic minute within each five-minute period. You can change the time granularity of the ConsumedThroughputUnits metric (e.g. to view one-minute metrics instead of five-minute) in the CloudWatch console.

    If you see several closely clustered lines without any obvious outliers, it indicates that your workload is relatively balanced across items over the given time window. If you see isolated points in the graph instead of connected lines, it indicates an item that was frequently accessed only for a brief period.

    If your table or global secondary index has a sort key, DynamoDB creates two graphs: one for the most accessed partition keys and one for the most accessed partition + sort key pairs. You can see traffic at the partition key level in the partition key–only graph, and traffic at the item level in the partition + sort key graphs.

    Note

    During the initial stages of the preview, ConsumedThroughputUnits may be artificially high if your workload performs certain write requests (PutItem , UpdateItem, DeleteItem, and TransactWriteItems) on a table with a global secondary index.

    ConsumedThroughputUnits for the Query operation is represented in the graph displaying the most accessed partition keys and does not appear in the graph displaying the top most accessed partition and sort key pairs.

  • Most Throttled Items

    Use this graph to identify the most throttled items in the table or global secondary index. The graph displays ThrottleCount on the y-axis and time on the x-axis. Each of the top N keys is displayed in its own color, with a legend displayed below the x-axis.

    DynamoDB measures throttle frequency using ThrottleCount, which is the count of ProvisionedThroughputExceededException, ThrottlingException, and RequestLimitExceeded errors.

    In the DynamoDB console, each data point in the graph represents ThrottleCount over a five-minute period.

    If you see no data in this graph, it indicates that your requests are not being throttled. If you see isolated points in the graph instead of connected lines, it indicates an item was frequently throttled for a brief period.

    If your table or global secondary index has a sort key, DynamoDB creates two graphs: one for most throttled partition keys and one for most throttled partition + sort key pairs. You can see throttle count at the partition key level in the partition key-only graph, and throttle count at the item-level in the partition + sort key graphs.

Below is an example of the reports generated for a table with both a partition key and sort key


                        Contributor Insights

Interactions with other DynamoDB features

Global Tables

CloudWatch Contributor Insights for DynamoDB monitors global table replicas as distinct tables so that the Contributor Insights graphs for a replica in one AWS Region may not show the same patterns as another Region. This is because write data is replicated across all replicas in a global table, but each replica can serve Region-bound read traffic.

DynamoDB Accelerator (DAX)

CloudWatch Contributor Insights for DynamoDB does not show DAX cache responses, only responses to accessing a table or global secondary index.

Encryption at Rest

CloudWatch Contributor Insights for DynamoDB does not affect how encryption works in DynamoDB. The primary key data published in CloudWatch is encrypted with the AWS owned CMK, but DynamoDB also supports the AWS managed CMK and a customer managed CMK. If you require your primary key data to be encrypted with the AWS managed CMK or a customer managed CMK, you should not enable CloudWatch Contributor Insights for DynamoDB for that table.

Fine-grained access control (FGAC)

CloudWatch Contributor Insights for DynamoDB does not function differently for tables with FGAC. In other words, any user who has the appropriate CloudWatch permissions will be able to view FGAC-protected primary keys in the CloudWatch Contributor Insights graphs. If the table’s primary key contains FGAC-protected data that you do not want published to CloudWatch, you should not enable CloudWatch Contributor Insights for DynamoDB for that table.

Access Control

You control access to CloudWatch Contributor Insights for DynamoDB using AWS Identity and Access Management (IAM) by limiting DynamoDB control plane permissions and CloudWatch data plane permissions. For more information see, Using IAM with CloudWatch Contributor Insights for DynamoDB.

CloudWatch Contributor Insights for DynamoDB Billing

Charges for CloudWatch Contributor Insights for DynamoDB appear in the CloudWatch section of your monthly bill, and are calculated based on the number of DynamoDB events processed. For tables and global secondary indexes with CloudWatch Contributor Insights for DynamoDB enabled, each item written or read via a data plane operation represents one event.

If a table or global secondary index includes a sort key, each item read or written represents two events because DynamoDB is identifying top contributors from separate time series: one for partitions keys only, and one for partition and sort key pairs

For example, assume your application makes the following DynamoDB requests: a GetItem request, a PutItem request, and a Query request that returns 10 items

  • If the table or global secondary index has only a partition key, this will result in 12 events (1 for the GetItem request, 1 for the PutItem request, and 10 for the Query request).

  • If a client makes the same requests to a table with a partition key and sort key, this will result in 24 events (2 for the GetItem request, 2 for the PutItem request, and 20 for the Query request).

Note

Unlike other DynamoDB features, CloudWatch Contributor Insights for DynamoDB billing does not vary based on capacity mode (provisioned vs. on-demand), does not vary based on whether you perform read or write requests, and does not vary based on the size (KB) of the items read or written.