tions used daily for shopping, food, transportation, banking,
entertainment, and so much more. Developers rely on its
ability to scale data workloads while providing steady perfor-
mance, high availability, and low operational complexity. For
more than 10 years, DynamoDB has maintained these key
properties and extended its appeal to application developers
with game-changing features such as on-demand capacity,
point-in-time backup and restore, multi-Region replication,
and atomic transactions.
9 Acknowledgements
DynamoDB has benefited greatly from its customers whose
continuous feedback pushed us to innovate on their behalf. We
have been lucky to have an amazing team working with us on
this journey. We thank Shawn Bice, Rande Blackman, Marc
Brooker, Lewis Bruck, Andrew Certain, Raju Gulabani, James
Hamilton, Long Huang, Yossi Levanoni, David Lutz, Max-
imiliano Maccanti, Rama Pokkunuri, Tony Petrossian, Jim
Scharf, Khawaja Shams, Stefano Stefani, Allan Vermuellen,
Wei Xiao and the entire DynamoDB team for the impact-
ful contributions during the course of this evolution. Many
people have helped to improve this paper. We thank the anony-
mous reviewers who helped shape the paper. Special thanks
to Darcy Jayne, Kiran Reddy, and Andy Warfield for going
above and beyond to help.
References
[1]
Amazon SimpleDB: Simple Database Service.
https://aws.amazon.com/simpledb/.
[2]
AWS Identity and Account Management Service.
https://aws.amazon.com/iam/.
[3]
AWS Key Management Service.
https://aws.amazon.com/kms/.
[4]
Summary of the amazon dynamodb service disrup-
tion and related impacts in the us-east region. 2015.
https://aws.amazon.com/message/5467D2/.
[5]
L. N. Bairavasundaram, A. C. Arpaci-Dusseau, R. H.
Arpaci-Dusseau, G. R. Goodson, and B. Schroeder. An
analysis of data corruption in the storage stack. ACM
Transactions on Storage (TOS), 4(3):1–28, 2008.
[6]
J. Bornholt, R. Joshi, V. Astrauskas, B. Cully, B. Kragl,
S. Markle, K. Sauri, D. Schleit, G. Slatton, S. Tasiran,
J. Van Geffen, and A. Warfield. Using lightweight for-
mal methods to validate a key-value storage node in
amazon s3. In Proceedings of the ACM SIGOPS 28th
Symposium on Operating Systems Principles, SOSP ’21,
page 836–850, New York, NY, USA, 2021. Association
for Computing Machinery.
[7]
C. Constantinescu, I. Parulkar, R. Harper, and S. Micha-
lak. Silent data corruption—myth or reality? In 2008
IEEE International Conference on Dependable Systems
and Networks With FTCS and DCC (DSN), pages 108–
109. IEEE, 2008.
[8]
B. F. Cooper, A. Silberstein, E. Tam, R. Ramakrishnan,
and R. Sears. Benchmarking cloud serving systems
with ycsb. In Proceedings of the 1st ACM symposium
on Cloud computing, pages 143–154, 2010.
[9]
G. DeCandia, D. Hastorun, M. Jampani, G. Kakula-
pati, A. Lakshman, A. Pilchin, S. Sivasubramanian,
P. Vosshall, and W. Vogels. Dynamo: Amazon’s highly
available key-value store. SIGOPS Oper. Syst. Rev.,
41(6):205–220, oct 2007.
[10]
T. Hauer, P. Hoffmann, J. Lunney, D. Ardelean, and
A. Diwan. Meaningful availability. In 17th
{
USENIX
}
Symposium on Networked Systems Design and Imple-
mentation ({NSDI} 20), pages 545–557, 2020.
[11]
P. Huang, C. Guo, L. Zhou, J. R. Lorch, Y. Dang,
M. Chintalapati, and R. Yao. Gray failure: The achilles’
heel of cloud-scale systems. In Proceedings of the 16th
Workshop on Hot Topics in Operating Systems, pages
150–155, 2017.
[12]
L. Lamport. Specifying systems, volume 388. Addison-
Wesley Boston, 2002.
[13]
L. Lamport. The pluscal algorithm language. In Interna-
tional Colloquium on Theoretical Aspects of Computing,
pages 36–60. Springer, 2009.
[14]
L. Lamport et al. Paxos made simple. ACM Sigact News,
32(4):18–25, 2001.
[15]
C. Mohan, D. Haderle, B. Lindsay, H. Pirahesh, and
P. Schwarz. Aries: A transaction recovery method sup-
porting fine-granularity locking and partial rollbacks
using write-ahead logging. ACM Transactions on
Database Systems (TODS), 17(1):94–162, 1992.
[16]
C. Newcombe, T. Rath, F. Zhang, B. Munteanu,
M. Brooker, and M. Deardeuff. How amazon web ser-
vices uses formal methods. Communications of the
ACM, 58(4):66–73, 2015.
[17]
K. Sklower. A tree-based packet routing table for berke-
ley unix. In USENIX Winter, volume 1991, pages 93–99.
Citeseer, 1991.
[18]
B. Weiss and M. Furr. Static stability using availability
zones. https://aws.amazon.com/builders-library/static-
stability-using-availability-zones/.
1048 2022 USENIX Annual Technical Conference USENIX Association