From 471bd218406e2928154e2e304a031870478fe1eb Mon Sep 17 00:00:00 2001
From: Anna Shcherbak <Anna_Shcherbak@epam.com>
Date: Fri, 15 Sep 2023 15:11:36 +0300
Subject: [PATCH] new: added policy ecc-aws-552-dynamodb_tables_unused

---
 iam/All-permissions.json                      |  1 +
 .../ecc-aws-552-dynamodb_tables_unused.yml    | 46 +++++++++++++++++++
 .../green/dynamodb.tf                         | 28 +++++++++++
 .../green/provider.tf                         |  2 +-
 .../green/terraform.tfvars                    |  0
 .../green/variables.tf                        |  0
 .../iam/552-policy.json}                      |  6 ++-
 .../red/dynamodb.tf                           | 13 ++++++
 .../red/provider.tf                           |  2 +-
 .../red/terraform.tfvars                      |  0
 .../red/variables.tf                          |  0
 .../green/waf.tf                              | 34 --------------
 .../red/waf.tf                                |  4 --
 .../dynamodb.DescribeTable_1.json             | 42 +++++++++++++++++
 .../placebo-green/dynamodb.ListTables_1.json  |  9 ++++
 .../monitoring.GetMetricStatistics_1.json     | 23 ++++++++++
 .../monitoring.GetMetricStatistics_2.json     | 23 ++++++++++
 .../placebo-green/tagging.GetResources_1.json | 22 +++++++++
 .../placebo-red/dynamodb.DescribeTable_1.json | 42 +++++++++++++++++
 .../placebo-red/dynamodb.ListTables_1.json    |  9 ++++
 .../monitoring.GetMetricStatistics_1.json     | 23 ++++++++++
 .../monitoring.GetMetricStatistics_2.json     | 23 ++++++++++
 .../placebo-red/tagging.GetResources_1.json   | 22 +++++++++
 .../red_policy_test.py                        | 11 +++++
 24 files changed, 343 insertions(+), 42 deletions(-)
 create mode 100644 policies/ecc-aws-552-dynamodb_tables_unused.yml
 create mode 100644 terraform/ecc-aws-552-dynamodb_tables_unused/green/dynamodb.tf
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty => ecc-aws-552-dynamodb_tables_unused}/green/provider.tf (78%)
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty => ecc-aws-552-dynamodb_tables_unused}/green/terraform.tfvars (100%)
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty => ecc-aws-552-dynamodb_tables_unused}/green/variables.tf (100%)
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty/iam/916-policy.json => ecc-aws-552-dynamodb_tables_unused/iam/552-policy.json} (51%)
 create mode 100644 terraform/ecc-aws-552-dynamodb_tables_unused/red/dynamodb.tf
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty => ecc-aws-552-dynamodb_tables_unused}/red/provider.tf (78%)
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty => ecc-aws-552-dynamodb_tables_unused}/red/terraform.tfvars (100%)
 rename terraform/{ecc-aws-916-waf_global_rulegroup_not_empty => ecc-aws-552-dynamodb_tables_unused}/red/variables.tf (100%)
 delete mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/waf.tf
 delete mode 100644 terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/waf.tf
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.DescribeTable_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.ListTables_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_2.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/tagging.GetResources_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.DescribeTable_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.ListTables_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_2.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/tagging.GetResources_1.json
 create mode 100644 tests/ecc-aws-552-dynamodb_tables_unused/red_policy_test.py

diff --git a/iam/All-permissions.json b/iam/All-permissions.json
index a9622fae7..73d519d7d 100644
--- a/iam/All-permissions.json
+++ b/iam/All-permissions.json
@@ -27,6 +27,7 @@
                 "cloudtrail:DescribeTrails",
                 "cloudtrail:GetEventSelectors",
                 "cloudtrail:GetTrailStatus",
+                "cloudwatch:GetMetricStatistics",
                 "cloudwatch:DescribeAlarms",
                 "codebuild:BatchGetProjects",
                 "codebuild:ListProjects",
diff --git a/policies/ecc-aws-552-dynamodb_tables_unused.yml b/policies/ecc-aws-552-dynamodb_tables_unused.yml
new file mode 100644
index 000000000..657de2102
--- /dev/null
+++ b/policies/ecc-aws-552-dynamodb_tables_unused.yml
@@ -0,0 +1,46 @@
+# Copyright (c) 2023 EPAM Systems, Inc.
+#
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+
+
+policies:
+  - name: ecc-aws-552-dynamodb_tables_unused
+    comment: '010002062000'
+    description: |
+      Unused Amazon DynamoDB tables
+    resource: aws.dynamodb-table
+    filters:
+    - and:
+      - type: value
+        key: ProvisionedThroughput.ReadCapacityUnits
+        op: ne
+        value: 0
+      - type: value
+        key: TableStatus
+        value: ACTIVE
+      - type: value
+        key: CreationDateTime
+        value_type: age
+        value: 60
+        op: ge
+      - or:
+        - type: value
+          key: ItemCount
+          value: 0
+        - and:
+          - type: metrics
+            name: ConsumedWriteCapacityUnits
+            namespace: AWS/DynamoDB
+            statistics: Maximum
+            days: 60
+            value: 0
+            op: equal
+          - type: metrics
+            name: ConsumedReadCapacityUnits
+            namespace: AWS/DynamoDB
+            statistics: Maximum
+            days: 60
+            value: 0
+            op: equal
\ No newline at end of file
diff --git a/terraform/ecc-aws-552-dynamodb_tables_unused/green/dynamodb.tf b/terraform/ecc-aws-552-dynamodb_tables_unused/green/dynamodb.tf
new file mode 100644
index 000000000..2c9bad15d
--- /dev/null
+++ b/terraform/ecc-aws-552-dynamodb_tables_unused/green/dynamodb.tf
@@ -0,0 +1,28 @@
+resource "aws_dynamodb_table" "this" {
+  name         = "552_dynamodb_table_green"
+  hash_key     = "GreenTableHashKey"
+  billing_mode = "PROVISIONED"
+  read_capacity  = 1
+  write_capacity = 1
+
+
+  attribute {
+    name = "GreenTableHashKey"
+    type = "S"
+  }
+}
+
+resource "aws_dynamodb_table_item" "this" {
+  table_name = aws_dynamodb_table.this.name
+  hash_key   = aws_dynamodb_table.this.hash_key
+
+  item = <<ITEM
+{
+  "GreenTableHashKey": {"S": "something"},
+  "one": {"N": "11111"},
+  "two": {"N": "22222"},
+  "three": {"N": "33333"},
+  "four": {"N": "44444"}
+}
+ITEM
+}
\ No newline at end of file
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/provider.tf b/terraform/ecc-aws-552-dynamodb_tables_unused/green/provider.tf
similarity index 78%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/provider.tf
rename to terraform/ecc-aws-552-dynamodb_tables_unused/green/provider.tf
index 0d6c07956..89168e265 100644
--- a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/provider.tf
+++ b/terraform/ecc-aws-552-dynamodb_tables_unused/green/provider.tf
@@ -13,7 +13,7 @@ provider "aws" {
 
   default_tags {
     tags = {
-      CustodianRule    = "ecc-aws-916-waf_global_rulegroup_not_empty"
+      CustodianRule    = "ecc-aws-552-dynamodb_tables_unused"
       ComplianceStatus = "Green"
     }
   }
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/terraform.tfvars b/terraform/ecc-aws-552-dynamodb_tables_unused/green/terraform.tfvars
similarity index 100%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/terraform.tfvars
rename to terraform/ecc-aws-552-dynamodb_tables_unused/green/terraform.tfvars
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/variables.tf b/terraform/ecc-aws-552-dynamodb_tables_unused/green/variables.tf
similarity index 100%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/variables.tf
rename to terraform/ecc-aws-552-dynamodb_tables_unused/green/variables.tf
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/iam/916-policy.json b/terraform/ecc-aws-552-dynamodb_tables_unused/iam/552-policy.json
similarity index 51%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/iam/916-policy.json
rename to terraform/ecc-aws-552-dynamodb_tables_unused/iam/552-policy.json
index 64dcc8008..4f1e56db8 100644
--- a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/iam/916-policy.json
+++ b/terraform/ecc-aws-552-dynamodb_tables_unused/iam/552-policy.json
@@ -4,8 +4,10 @@
         {
             "Effect": "Allow",
             "Action": [
-                "waf:ListActivatedRulesInRuleGroup",
-                "waf:ListRuleGroups"
+                "dynamodb:ListTables",
+                "dynamodb:DescribeTable",
+                "tag:GetResources",
+                "cloudwatch:GetMetricStatistics"
             ],
             "Resource": "*"
         }
diff --git a/terraform/ecc-aws-552-dynamodb_tables_unused/red/dynamodb.tf b/terraform/ecc-aws-552-dynamodb_tables_unused/red/dynamodb.tf
new file mode 100644
index 000000000..0c7ff3b89
--- /dev/null
+++ b/terraform/ecc-aws-552-dynamodb_tables_unused/red/dynamodb.tf
@@ -0,0 +1,13 @@
+resource "aws_dynamodb_table" "this" {
+  name         = "552_dynamodb_table_red"
+  hash_key     = "GreenTableHashKey"
+  billing_mode = "PROVISIONED"
+  read_capacity  = 1
+  write_capacity = 1
+
+
+  attribute {
+    name = "GreenTableHashKey"
+    type = "S"
+  }
+}
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/provider.tf b/terraform/ecc-aws-552-dynamodb_tables_unused/red/provider.tf
similarity index 78%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/provider.tf
rename to terraform/ecc-aws-552-dynamodb_tables_unused/red/provider.tf
index 1dc02875b..bd338a8ae 100644
--- a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/provider.tf
+++ b/terraform/ecc-aws-552-dynamodb_tables_unused/red/provider.tf
@@ -13,7 +13,7 @@ provider "aws" {
 
   default_tags {
     tags = {
-      CustodianRule     = "ecc-aws-916-waf_global_rulegroup_not_empty"
+      CustodianRule    = "ecc-aws-552-dynamodb_tables_unused"
       ComplianceStatus = "Red"
     }
   }
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/terraform.tfvars b/terraform/ecc-aws-552-dynamodb_tables_unused/red/terraform.tfvars
similarity index 100%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/terraform.tfvars
rename to terraform/ecc-aws-552-dynamodb_tables_unused/red/terraform.tfvars
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/variables.tf b/terraform/ecc-aws-552-dynamodb_tables_unused/red/variables.tf
similarity index 100%
rename from terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/variables.tf
rename to terraform/ecc-aws-552-dynamodb_tables_unused/red/variables.tf
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/waf.tf b/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/waf.tf
deleted file mode 100644
index 71590535f..000000000
--- a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/green/waf.tf
+++ /dev/null
@@ -1,34 +0,0 @@
-resource "aws_waf_ipset" "this" {
-  name = "916_ipset_green"
-
-  ip_set_descriptors {
-    type  = "IPV4"
-    value = "1.1.1.0/24"
-  }
-}
-
-resource "aws_waf_rule" "this" {
-  name        = "916_waf_rule_green"
-  metric_name = "916WafRuleMetricGreen"
-
-   predicates {
-    data_id = aws_waf_ipset.this.id
-    negated = false
-    type    = "IPMatch"
-  }
-  depends_on  = [aws_waf_ipset.this]
-}
-
-resource "aws_waf_rule_group" "this" {
-  name        = "916_waf_rule_group_green"
-  metric_name = "916WafRuleGroupMetricGreen"
-
-  activated_rule {
-    action {
-      type = "ALLOW"
-    }
-
-    priority = 1
-    rule_id  = aws_waf_rule.this.id
-  }
-}
diff --git a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/waf.tf b/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/waf.tf
deleted file mode 100644
index 406e01b9a..000000000
--- a/terraform/ecc-aws-916-waf_global_rulegroup_not_empty/red/waf.tf
+++ /dev/null
@@ -1,4 +0,0 @@
-resource "aws_waf_rule_group" "this" {
-  name        = "916_waf_rule_group_red"
-  metric_name = "916WafRuleGroupMetricRed"
-}
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.DescribeTable_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.DescribeTable_1.json
new file mode 100644
index 000000000..654775f33
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.DescribeTable_1.json
@@ -0,0 +1,42 @@
+{
+    "status_code": 200,
+    "data": {
+        "Table": {
+            "AttributeDefinitions": [
+                {
+                    "AttributeName": "GreenTableHashKey",
+                    "AttributeType": "S"
+                }
+            ],
+            "TableName": "552_dynamodb_table_green",
+            "KeySchema": [
+                {
+                    "AttributeName": "GreenTableHashKey",
+                    "KeyType": "HASH"
+                }
+            ],
+            "TableStatus": "ACTIVE",
+            "CreationDateTime": {
+                "__class__": "datetime",
+                "year": 2023,
+                "month": 3,
+                "day": 14,
+                "hour": 16,
+                "minute": 44,
+                "second": 5,
+                "microsecond": 334000
+            },
+            "ProvisionedThroughput": {
+                "NumberOfDecreasesToday": 0,
+                "ReadCapacityUnits": 1,
+                "WriteCapacityUnits": 1
+            },
+            "TableSizeBytes": 57,
+            "ItemCount": 1,
+            "TableArn": "arn:aws:dynamodb:us-east-1:123456789012:table/552_dynamodb_table_green",
+            "TableId": "352e6eb5-5243-487d-8b54-8d99a47658ad",
+            "DeletionProtectionEnabled": false
+        },
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.ListTables_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.ListTables_1.json
new file mode 100644
index 000000000..bbc9a2357
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/dynamodb.ListTables_1.json
@@ -0,0 +1,9 @@
+{
+    "status_code": 200,
+    "data": {
+        "TableNames": [
+            "552_dynamodb_table_green"
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_1.json
new file mode 100644
index 000000000..51da85df6
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_1.json
@@ -0,0 +1,23 @@
+{
+    "status_code": 200,
+    "data": {
+        "Label": "ConsumedWriteCapacityUnits",
+        "Datapoints": [
+            {
+                "Timestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 6,
+                    "day": 17,
+                    "hour": 7,
+                    "minute": 0,
+                    "second": 0,
+                    "microsecond": 0
+                },
+                "Maximum": 1.0,
+                "Unit": "Count"
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_2.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_2.json
new file mode 100644
index 000000000..0c803b7bb
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/monitoring.GetMetricStatistics_2.json
@@ -0,0 +1,23 @@
+{
+    "status_code": 200,
+    "data": {
+        "Label": "ConsumedReadCapacityUnits",
+        "Datapoints": [
+            {
+                "Timestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 6,
+                    "day": 17,
+                    "hour": 7,
+                    "minute": 0,
+                    "second": 0,
+                    "microsecond": 0
+                },
+                "Maximum": 0.5,
+                "Unit": "Count"
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/tagging.GetResources_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/tagging.GetResources_1.json
new file mode 100644
index 000000000..55a50c5da
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-green/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+    "status_code": 200,
+    "data": {
+        "PaginationToken": "",
+        "ResourceTagMappingList": [
+            {
+                "ResourceARN": "arn:aws:dynamodb:us-east-1:123456789012:table/552_dynamodb_table_green",
+                "Tags": [
+                    {
+                        "Key": "CustodianRule",
+                        "Value": "ecc-aws-552-dynamodb_tables_unused"
+                    },
+                    {
+                        "Key": "ComplianceStatus",
+                        "Value": "Green"
+                    }
+                ]
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.DescribeTable_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.DescribeTable_1.json
new file mode 100644
index 000000000..9dee2ab4e
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.DescribeTable_1.json
@@ -0,0 +1,42 @@
+{
+    "status_code": 200,
+    "data": {
+        "Table": {
+            "AttributeDefinitions": [
+                {
+                    "AttributeName": "GreenTableHashKey",
+                    "AttributeType": "S"
+                }
+            ],
+            "TableName": "552_dynamodb_table_red",
+            "KeySchema": [
+                {
+                    "AttributeName": "GreenTableHashKey",
+                    "KeyType": "HASH"
+                }
+            ],
+            "TableStatus": "ACTIVE",
+            "CreationDateTime": {
+                "__class__": "datetime",
+                "year": 2023,
+                "month": 2,
+                "day": 15,
+                "hour": 10,
+                "minute": 30,
+                "second": 45,
+                "microsecond": 876000
+            },
+            "ProvisionedThroughput": {
+                "NumberOfDecreasesToday": 0,
+                "ReadCapacityUnits": 1,
+                "WriteCapacityUnits": 1
+            },
+            "TableSizeBytes": 0,
+            "ItemCount": 0,
+            "TableArn": "arn:aws:dynamodb:us-east-1:123456789012:table/552_dynamodb_table_red",
+            "TableId": "0918e866-a87a-42fd-be35-f8d7b4f29632",
+            "DeletionProtectionEnabled": false
+        },
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.ListTables_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.ListTables_1.json
new file mode 100644
index 000000000..a9d469ff9
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/dynamodb.ListTables_1.json
@@ -0,0 +1,9 @@
+{
+    "status_code": 200,
+    "data": {
+        "TableNames": [
+            "552_dynamodb_table_red"
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_1.json
new file mode 100644
index 000000000..0f8aac67f
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_1.json
@@ -0,0 +1,23 @@
+{
+    "status_code": 200,
+    "data": {
+        "Label": "ConsumedWriteCapacityUnits",
+        "Datapoints": [
+            {
+                "Timestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 7,
+                    "day": 17,
+                    "hour": 7,
+                    "minute": 35,
+                    "second": 0,
+                    "microsecond": 0
+                },
+                "Maximum": 0.0,
+                "Unit": "Count"
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_2.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_2.json
new file mode 100644
index 000000000..df57fbc4f
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/monitoring.GetMetricStatistics_2.json
@@ -0,0 +1,23 @@
+{
+    "status_code": 200,
+    "data": {
+        "Label": "ConsumedReadCapacityUnits",
+        "Datapoints": [
+            {
+                "Timestamp": {
+                    "__class__": "datetime",
+                    "year": 2023,
+                    "month": 7,
+                    "day": 17,
+                    "hour": 7,
+                    "minute": 35,
+                    "second": 0,
+                    "microsecond": 0
+                },
+                "Maximum": 0.0,
+                "Unit": "Count"
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/tagging.GetResources_1.json b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/tagging.GetResources_1.json
new file mode 100644
index 000000000..54c521c11
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/placebo-red/tagging.GetResources_1.json
@@ -0,0 +1,22 @@
+{
+    "status_code": 200,
+    "data": {
+        "PaginationToken": "",
+        "ResourceTagMappingList": [
+            {
+                "ResourceARN": "arn:aws:dynamodb:us-east-1:123456789012:table/552_dynamodb_table_red",
+                "Tags": [
+                    {
+                        "Key": "CustodianRule",
+                        "Value": "ecc-aws-552-dynamodb_tables_unused"
+                    },
+                    {
+                        "Key": "ComplianceStatus",
+                        "Value": "Red"
+                    }
+                ]
+            }
+        ],
+        "ResponseMetadata": {}
+    }
+}
\ No newline at end of file
diff --git a/tests/ecc-aws-552-dynamodb_tables_unused/red_policy_test.py b/tests/ecc-aws-552-dynamodb_tables_unused/red_policy_test.py
new file mode 100644
index 000000000..72a3c8a0a
--- /dev/null
+++ b/tests/ecc-aws-552-dynamodb_tables_unused/red_policy_test.py
@@ -0,0 +1,11 @@
+class PolicyTest(object):
+ 
+   def test_resources(self, base_test, resources):
+        base_test.assertEqual(len(resources), 1)
+        base_test.assertEqual(resources[0]["ProvisionedThroughput"]["ReadCapacityUnits"], 1)
+        base_test.assertEqual(resources[0]["TableStatus"], "ACTIVE")
+        base_test.assertIn("CreationDateTime", resources[0]["c7n:MatchedFilters"])
+        base_test.assertEqual(resources[0]["ItemCount"], 0)
+        base_test.assertEqual(resources[0]["c7n.metrics"]["AWS/DynamoDB.ConsumedWriteCapacityUnits.Maximum.60"][0]["Maximum"], 0.0)
+        base_test.assertEqual(resources[0]["c7n.metrics"]["AWS/DynamoDB.ConsumedReadCapacityUnits.Maximum.60"][0]["Maximum"], 0.0)
+        
\ No newline at end of file