AWS DynamoDB
AWS DynamoDB is a read-write key-value store that is backed by an AWS DynamoDB table.
Settings
Field | Type | Description | Required |
---|---|---|---|
table | string | the DynamoDB table that items are retrieved from and written to. | Yes |
attributes.partition_key | string | the table's partition key attribute. | Yes |
attributes.value | string | the table attribute where values are stored. | Yes |
attributes.sort_key | string | the table's sort (range) key attribute. this must be used if the table uses a composite primary key schema (partition key and sort key). only string types are supported. | No |
attributes.ttl | string | the table's time-to-live attribute. | No |
Use Cases
Application Caching
Each caching strategy is achievable with the KV Store processor and Substation applications -- this can significantly simplify deployment complexity if dedicated AWS DynamoDB sinks are not needed.
Networked Cache-Aside
A networked cache-aside pattern is available in the Configuration Library that can be used to significantly reduce data processing time caused by high latency processors (such as DNS).
Internal Passive DNS
Pair the KV Store processor with log sources that contain DNS metadata (e.g., Zeek DNS, Suricata DNS, EDR DNS events) and/or the DNS processor to create an internally curated, enterprise-scale passive DNS database. Forward and reverse lookups can be stored in the same table by adjusting the partition key's value depending on the context (use domains for forward lookups and IP addresses for reverse lookups).
Updated over 1 year ago