Getting started with DynamoDB

Before you begin

You must have permission to create and update a CloudFormation template. Refer to this article for further details about permissions.

Getting started

  1. Connect DynamoDB to Clumio. Refer to this article for details about how to connect your AWS account to Clumio.
  2. Create a backup policy, which controls the frequency of your backups. Refer to this article on how to create your first policy. Additionally, you can find more details about policies in the online help (login required).
  3. Create protection rules, which determine how policy is applied. Refer to Managing protection rules for steps to create a protection rule.


  • Clumio Service limits, which can be found here.

  • Continuous Backups configuration: Allows point-in-time restore for 35 days.

  • DynamoDB Streams related limitations:

    • You must set an hourly SLA in policy configuration.

      • Streams can only retain the data for 24 hours. As a result, we are supposed to backup at least once (twice, to account for unexpected failures) in every 24 hours window. This is enforced in the Policy SLA configuration screen.
  • WCU limit capping from AWS when Streams is enabled.

    • The default WCU limit is 40,000. However, you have an option to request quota increase through AWS.
    • Once Streams is enabled on the table, the WCU limit is capped at 40,000. Tables with a higher WCU configuration will have a performance impact if Streams is enabled due to the WCU capping.
  • Support for DynamoDB global tables involves having a single backup across all the region replicas. This would require all such account:regions to be in the same OU.

Useful information

  • Clumio uses DynamoDB Streams to capture changed data during incremental backups.
  • Clumio supports two restore flows based on the Local Secondary Index (LSI) configuration for the table at the time of backup:
    • Using ImportTable API
      • This is a cost-efficient approach and is the default choice, IF no LSIs existed at the time of backup. As a result, the Include local secondary indices checkbox will be disabled (cannot be checked).
    • Using AWS Glue ETF
      • This is a relatively cost-inefficient approach, and will only be offered IF at least one LSI existed at the time of backup. As a result, the Include local secondary indices checkbox will be checked.
      • If you do not need LSI post restore, you may choose to uncheck the Include local secondary indices option for a cost-efficient restore.
  • Granular Recovery: The Granular Recovery modal offers an interface to query, preview and initiate the records retrieval in CSV format.
    • The respective partition and sort key attribute names are rendered and the admin is expected to provide the exact partition to be queried, and optionally the sort key with its filters.
    • The Advanced Mode enables to further narrow-down the query by allowing to filter on other item attributes.
    • In order to not reveal the entire data upfront during preview from a security standpoint, we mask the data for the remaining attributes.
    • Direct Download - The CSV file is made available for download from the Restored Records tab on the asset details page.
    • Transparent Data Access (TDA) - The CSV file gets emailed to the recipients and can only be opened up using a passcode (displayed on the UI in the next screen).
  • On-demand backups represent single backups that are manually generated at any point in time and retained in Clumio. You can take SecureVault Backups or Snaps on-demand. For more information, see the online help.


Contact [email protected] with any questions or concerns.