All Collections
Control Tests
Test: NoSQL Cluster Storage Utilization Monitored
Test: NoSQL Cluster Storage Utilization Monitored

Drata inspects your company NoSQL cluster configuration to determine if storage utilization is monitored, with appropriate alerts.

Ashley Hyman avatar
Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the NoSQL Database Monitored and Alarmed control that ensures your company has implemented tools to monitor NoSQL databases and notify appropriate personnel of any events or incidents based on predetermined criteria.

WHAT TO DO IF A TEST FAILS

If Drata detects that NoSQL cluster storage utilization monitoring is not enabled or that alerts have not been properly set up the test will fail. With a failed test you will receive a list of databases that lack NoSQL cluster storage utilization monitoring or administrative alerts.

To remediate a failed test, you will need to set up and configure NoSQL cluster storage utilization monitoring for the reported databases to ensure they are monitored with alerts being sent to DB admins in an event or incident.

STEPS FOR PASSING

To ensure a validated state when testing for monitoring of NoSQL cluster storage utilization, please follow the steps listed in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.

NOTE: The Datadog integration does not support this test. There is no need to set up an alarm in Datadog or AWS for DynamoDB NoSQL resources. Drata will automatically pass all AWS DynamoDB instances, since they employ autoscaling.

Provider / Technology

Provider Steps

AWS - DynamoDB

NOTE: This monitoring test will automatically pass all AWS DynamoDB instances, since they employ autoscaling. We've retained the previous CloudWatch alarm instructions for convenience.

Database Creation

  1. Within AWS, go to the DynamoDB service

  2. Create a table

Alarm Creation

  1. Go to CloudWatch

  2. Create Alarm

  3. Click on DynamoDB

  4. Click on Table Metrics

  5. ConsumedWriteCapacityUnits > 10 for 1 datapoints within 1 minutes

    1. 10 is an illustrative example; choose a value that makes sense for your setup

Subscription Confirmation

The subscription to the SNS topic used (or newly created) above must be confirmed for the test to pass.

  1. Go to SNS and select Subscriptions

  2. Click "Create subscription" and reference the newly created topic for the Topic ARN

  3. For Protocol select Email

  4. For Endpoint enter an email address, generally a monitored team inbox

  5. Click "Create subscription" and verify the email that was sent to your provided inbox

Alternatively:

  1. Go to SNS and select Topics

  2. Click the topic name created with the alarm

  3. Under the Subscriptions banner, click the radio button for the topic's subscription

  4. Click "Confirm subscription" and verify the email that was sent to your provided inbox

Azure - CosmosDB

  1. Create an Azure Cosmos DB account

  2. Create an alert rule on that database for "Data Usage"

  3. Add an action to the alert rule & save changes

GCP - Monitoring

  1. Within GCP, go to the Datastore

  2. Create an entity

  3. In monitoring, create an Alert Policy

    1. Resource type is Datastore Request

    2. Metric is Sizes of written entities

      1. For steps 3a-3b, by default the GCP Alert UI may only show "Active" metrics, and you may need to turn that toggle off to see the required option

    3. Select an active notification channel (any except mobile cloud console)

Did this answer your question?