Is it secure to use user input as an Amazon DynamoDB partition key?


I'm looking at creating an Amazon DynamoDB table that uses user input as its hash key. I'm concerned that an attacker could launch a denial of service attack by maliciously choosing keys that have the same hash so that lots of data is added to a single partition.

Amazon's article on partitions doesn't address this issue: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/HowItWorks.Partitions.html

Here is an article describing this kind of attack: https://lwn.net/Articles/474912/

This question is sort of similar, but doesn't focus on security, and doesn't have an answer: Is it good to use user-input as partition key value in DynamoDB

Answer by Nadav Har'El

You are absolutely correct that a user could, at least in theory, craft data to have it all hashed to the same partition. It won't be easy - Amazon doesn't publish the specific algorithm they used for the partition hashing, but neither does it claim that it is cryptographically secure. However, for this to be a problem, it also means that you are allowing this particular user to insert huge amounts of data into your database - isn't that already a problem? Moreover, if your plan is to use user id as a key, this exploit would require an attacker to create a huge number of user ids - again, isn't this already a problem that you'd like to solve higher up?

In any case, as another layer of security, you can indeed solve the problem that bothered you: You can use whatever cryptographically secure hash function you choose to hash the user id, and use the result of that function as the key you hand to Amazon. This will remove the risk that the malicious user could manufacture collisions.
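
The key derivation described in the answer, as an added example that is not part of the original answer or of any AWS code. `toy_partition` is a deliberately weak stand-in for DynamoDB's unpublished partition hash, and the attribute names, the secret and the sample ids are assumptions. The optional HMAC mode goes beyond the answer's plain hash by keeping the derived key uncomputable for the client.

```python
import hashlib
import hmac
import itertools
import unicodedata
from typing import Optional

# Constructed placeholder; a real secret would come from a secrets manager.
EXAMPLE_SECRET = b"constructed-example-secret"

def derive_partition_key(user_input: str, secret: Optional[bytes] = None) -> str:
    """Turn arbitrary user input into a fixed-length hex partition key."""
    # Normalize so equivalent Unicode spellings of one id map to one key.
    canonical = unicodedata.normalize("NFC", user_input).encode("utf-8")
    if secret is None:
        # Unkeyed SHA-256: the approach the answer describes.
        return hashlib.sha256(canonical).hexdigest()
    # Keyed variant (an extension beyond the answer): the client cannot
    # compute the stored key without the server-side secret.
    return hmac.new(secret, canonical, hashlib.sha256).hexdigest()

def build_item(user_input: str, payload: str, secret: Optional[bytes] = None) -> dict:
    """Item in DynamoDB attribute-value form; attribute names are hypothetical."""
    return {
        "pk": {"S": derive_partition_key(user_input, secret)},
        "user_supplied_id": {"S": user_input},  # kept for display and lookups
        "payload": {"S": payload},
    }

def toy_partition(key: str, partitions: int = 8) -> int:
    """Deliberately weak stand-in for the unpublished partition hash."""
    return sum(key.encode("utf-8")) % partitions

def partitions_used(keys) -> int:
    """Number of distinct stand-in partitions a set of keys lands in."""
    return len({toy_partition(k) for k in keys})

# Constructed sample input: 24 anagrams, which all share one byte sum.
CRAFTED_IDS = ["".join(p) for p in itertools.permutations("abcd")]

if __name__ == "__main__":
    print("raw ids   ->", partitions_used(CRAFTED_IDS), "partition(s)")
    hashed = [derive_partition_key(i, EXAMPLE_SECRET) for i in CRAFTED_IDS]
    print("HMAC keys ->", partitions_used(hashed), "partition(s)")
    print(build_item("alice", "hello", EXAMPLE_SECRET)["pk"])
```

Rotating the secret in the keyed mode changes every derived key, so it has to be treated as long-lived data rather than as a routinely rotated credential.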