This rule ensures that DynamoDB table point-in-time recovery is enabled.
Rule | DynamoDB table point-in-time recovery should be enabled
Framework | CISA-cyber-essentials
Severity | Low
DynamoDB Table Point-in-Time Recovery
Description
DynamoDB is a fully managed NoSQL database service provided by Amazon Web Services (AWS). It allows you to create, retrieve, and manage structured data in a secure and scalable manner.
Enabling point-in-time recovery (PITR) for your DynamoDB tables ensures that you can recover your data to a specified time within a 35-day retention period. This provides an additional layer of data protection in case of accidental deletions, application errors, or system failures.
Troubleshooting Steps
If you encounter any issues with DynamoDB table point-in-time recovery, follow these steps to troubleshoot:
Verify IAM Permissions: Ensure that you have the necessary AWS Identity and Access Management (IAM) permissions to enable PITR for DynamoDB tables. Specifically, check for the dynamodb:EnableContinuousBackups and dynamodb:UpdateTimeToLive permissions.
Check Table Status: Confirm that your DynamoDB table is in the ACTIVE state. If not, wait for the table to become available before enabling PITR.
Check PITR Status: Verify whether PITR is already enabled for the table. You cannot enable PITR for a table that already has it enabled.
Evaluate Table Size: PITR can have an impact on the storage requirements of your DynamoDB table. Ensure that you have sufficient storage capacity available to handle the increased size due to backup storage.
Review Retention Policy: Check the retention period set for PITR. By default, DynamoDB retains backups for 35 days. If you need a longer retention period, consider adjusting the PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled attribute during PITR configuration.
Necessary Code
To enable point-in-time recovery for a DynamoDB table, use the following AWS CLI command:
aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
You can retrieve the current status of PITR for a table using the describe-continuous-backups command:
aws dynamodb describe-continuous-backups --table-name <table-name>
Step-by-Step Guide for Remediation
Follow these steps to enable point-in-time recovery for your DynamoDB table:
Install and configure the AWS CLI (Command Line Interface) on your local machine.
Open the command line interface or terminal.
Run the following command to enable PITR for the desired DynamoDB table:
aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
Replace <table-name> with the name of your DynamoDB table.
Wait for the command execution to complete. You should receive a success response indicating that point-in-time recovery has been enabled.
You can verify the status of PITR for the table by running the following command:
aws dynamodb describe-continuous-backups --table-name <table-name>
Review the output to ensure that PointInTimeRecoveryDescription.PointInTimeRecoveryStatus is set to "ENABLED" for the table.
Congratulations! You have successfully enabled point-in-time recovery for your DynamoDB table, providing an additional layer of data protection and recoverability.
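The check and remediation above, generalised to every table in an account, as an added example that is not part of the original rule page: it evaluates the DescribeTable and DescribeContinuousBackups response shapes (waiting on tables that are not yet ACTIVE, flagging tables whose PointInTimeRecoveryStatus is not ENABLED) and prints the page's update-continuous-backups command for each non-compliant table. It takes any client exposing list_tables / describe_table / describe_continuous_backups, so a boto3 DynamoDB client works against a real account; the FakeClient with constructed responses below is an assumption so the script runs offline.

```python
from typing import Any, Dict, List, Tuple

COMPLIANT, NON_COMPLIANT, NOT_ACTIVE = "COMPLIANT", "NON_COMPLIANT", "NOT_ACTIVE"


def evaluate(table_desc: Dict[str, Any], backups_desc: Dict[str, Any]) -> Tuple[str, str]:
    """Return (verdict, reason) for one table from its two describe responses."""
    status = table_desc.get("Table", {}).get("TableStatus")
    if status != "ACTIVE":
        # PITR cannot be changed until the table is ACTIVE; re-check later.
        return NOT_ACTIVE, f"table status is {status}"
    pitr = (backups_desc.get("ContinuousBackupsDescription", {})
            .get("PointInTimeRecoveryDescription", {}))
    # A missing description is treated as DISABLED, the conservative reading.
    pitr_status = pitr.get("PointInTimeRecoveryStatus", "DISABLED")
    if pitr_status == "ENABLED":
        return COMPLIANT, "PointInTimeRecoveryStatus is ENABLED"
    return NON_COMPLIANT, f"PointInTimeRecoveryStatus is {pitr_status}"


def remediation_command(table_name: str) -> str:
    """The AWS CLI command from the rule page, filled in for one table."""
    return (f"aws dynamodb update-continuous-backups --table-name {table_name} "
            "--point-in-time-recovery-specification PointInTimeRecoveryEnabled=true")


def audit(client: Any) -> List[Tuple[str, str, str]]:
    """Evaluate every table; returns [(table, verdict, reason), ...]."""
    findings = []
    # First page of list_tables only; paginate on LastEvaluatedTableName for >100 tables.
    for name in client.list_tables()["TableNames"]:
        verdict, reason = evaluate(client.describe_table(TableName=name),
                                   client.describe_continuous_backups(TableName=name))
        findings.append((name, verdict, reason))
    return findings


class FakeClient:
    """Constructed sample responses (not from a real account) for an offline run."""
    TABLES = {"orders": ("ACTIVE", "ENABLED"),       # name -> (TableStatus, PITR status)
              "sessions": ("ACTIVE", "DISABLED"),
              "audit-log": ("CREATING", "DISABLED")}

    def list_tables(self):
        return {"TableNames": sorted(self.TABLES)}

    def describe_table(self, TableName):
        return {"Table": {"TableName": TableName, "TableStatus": self.TABLES[TableName][0]}}

    def describe_continuous_backups(self, TableName):
        return {"ContinuousBackupsDescription": {"ContinuousBackupsStatus": "ENABLED",
                "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": self.TABLES[TableName][1]}}}


if __name__ == "__main__":
    for table, verdict, reason in audit(FakeClient()):
        print(f"{table}: {verdict} ({reason})")
        if verdict == NON_COMPLIANT:
            print("  remediate with:", remediation_command(table))
```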