First of all, do you know what region these requests are happening in? If not, then Cost Explorer (assuming this was enabled already) can tell you which region had the highest DynamoDB costs (filter by DynamoDB and group by region).
Then, to see where the requests are coming from, you can look at CloudWatch. This should be able to tell you which table was seeing elevated requests. The default metric storage may only be 2 weeks, so if it was a constant increase, then this should still show you where to look. And you should be able to drill down to see when the requests were happening. These metrics should give you an indication of what is happening and open up for you where to look next.
I would highly recommend reaching out to Customer Services for this type of issue:
Customer Services can work with internal support teams to understand the reason why your consumption increased and if in-fact an attack had happened. Unfortunately I am not in a position to state if CS can cut you some slack in regards to the costs, something you will need to discuss with them.
Going forward, I would strongly advise that you do a number of things:
- Set realistic scaling limits on your tables, ensuring you cannot exceed a given amount will prevent this issue in future
- Ensure that your application is secured by IAM and only authenticated users can access it
- If you use REST API's for access to your resources, impose throttling rules to prevent abuse
- Set alarms in CloudWatch that you get notified (email/slack/other) when your table exceeds capacity for x amount of time.
- You can also set alarms on costs, to notify you if costs surpass a given value for a given month.
Is DynamoDB DeleteItem read-consistent?Accepted Answerasked 9 months ago
DynamoDB: Time frame to avoid stale readasked 9 months ago
Trying to select data with multiple parameters from DynamoDBasked 4 years ago
How to read DynamoDB table using aws lambda function in python?asked 8 months ago
Does DynamoDB `UpdateItem` operation read data with strong consistency while `UpdateExpression` is specified?asked 21 hours ago
Read/Write data from existing dynamoDB table using AWS Amplify with IOS appasked 3 months ago
How to use Amplify Datastore to sync with data from DynamoDB and seed DynamoDB from a Lambaasked 10 months ago
DynamoDB Read Requests went from 80million to 1.2billion. Why / How?asked a month ago
Why does AWS DynamoDB separate RCU and WCUasked a year ago
aws redis vs dynamodb vs rdsasked 4 months ago