Rule: DynamoDB Tables Should Have Point-in-Time Recovery Enabled
Ensure all DynamoDB tables have point-in-time recovery enabled for enhanced data protection.
| Rule | DynamoDB tables should have point-in-time recovery enabled |
| Framework | AWS Foundational Security Best Practices |
| Severity | ✔ Medium |
Rule Description:
DynamoDB tables should have point-in-time recovery enabled as per AWS Foundational Security Best Practices. Enabling point-in-time recovery in DynamoDB provides continuous backups and allows for easy restore in case of accidental data loss or corruption. This helps to ensure the availability and durability of data stored in DynamoDB tables.
Troubleshooting Steps:
If point-in-time recovery is not enabled for a DynamoDB table, you should follow these steps to troubleshoot and enable it:
Step 1: Verify the current configuration
- 1.Sign in to the AWS Management Console.
- 2.Open the Amazon DynamoDB console.
- 3.Select the region where your DynamoDB table is located.
- 4.In the navigation pane, click on "Tables" to view the list of tables.
- 5.Locate the table for which you want to enable point-in-time recovery and select it.
- 6.In the "Overview" tab, check if the "Point-in-time recovery" is enabled or not.
Step 2: Enable point-in-time recovery
If point-in-time recovery is not enabled, follow these steps to enable it for your DynamoDB table:
- 1.In the table overview page, click on the "Manage continuous backups" button.
- 2.In the "Backup and restore settings" page, click on the "Enable" button to enable point-in-time recovery.
- 3.Configure the settings as per your requirements, including the backup retention period.
- 4.Click on the "Save changes" button to enable point-in-time recovery for the table.
- 5.Wait for some time to enable the feature.
Step 3: Validation
- 1.After a few minutes, go back to the table overview page.
- 2.Verify that point-in-time recovery is now enabled for the DynamoDB table.
Necessary Codes:
There are no specific codes required to enable point-in-time recovery in DynamoDB tables. The process can be done entirely through the AWS Management Console.
Remediation Steps:
To enable point-in-time recovery for a DynamoDB table, follow these step-by-step guide:
- 1.Sign in to the AWS Management Console.
- 2.Open the Amazon DynamoDB console.
- 3.Select the appropriate region where your DynamoDB table is located.
- 4.In the navigation pane, click on "Tables" to view the list of tables.
- 5.Locate the table for which you want to enable point-in-time recovery and select it.
- 6.In the "Overview" tab, verify whether point-in-time recovery is already enabled or not.
- 7.If it's not enabled, click on the "Manage continuous backups" button.
- 8.In the "Backup and restore settings" page, click on the "Enable" button.
- 9.Configure the settings, including the backup retention period, as per your requirements.
- 10.Click on the "Save changes" button to enable point-in-time recovery for the table.
- 11.Wait for a few minutes for the changes to take effect.
- 12.Go back to the table overview page and verify that point-in-time recovery is now enabled.
By following these steps, you can enable point-in-time recovery for DynamoDB tables as per AWS Foundational Security Best Practices. This ensures continuous backups and easy restore in case of any data loss or corruption.