Enable DynamoDB Table Point-in-Time Recovery Rule

This rule ensures that DynamoDB table point-in-time recovery is enabled.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: CISA-cyber-essentials
Severity: Low

DynamoDB Table Point-in-Time Recovery

Description

DynamoDB is a fully managed NoSQL database service provided by Amazon Web Services (AWS). It allows you to create, retrieve, and manage structured data in a secure and scalable manner.

Enabling point-in-time recovery (PITR) for your DynamoDB tables ensures that you can recover your data to a specified time within a 35-day retention period. This provides an additional layer of data protection in case of accidental deletions, application errors, or system failures.

Troubleshooting Steps

If you encounter any issues with DynamoDB table point-in-time recovery, follow these steps to troubleshoot:

  1. Verify IAM Permissions: Ensure that you have the necessary AWS Identity and Access Management (IAM) permissions to enable PITR for DynamoDB tables. Specifically, check for the dynamodb:EnableContinuousBackups and dynamodb:UpdateTimeToLive permissions.

  2. Check Table Status: Confirm that your DynamoDB table is in the ACTIVE state. If not, wait for the table to become available before enabling PITR.

  3. Check PITR Status: Verify if PITR is already enabled for the table. You cannot enable PITR for a table that already has it enabled.

  4. Evaluate Table Size: PITR can have an impact on the storage requirements of your DynamoDB table. Ensure that you have sufficient storage capacity available to handle the increased size due to backup storage.

  5. Review Retention Policy: Check the retention period set for PITR. By default, DynamoDB retains backups for 35 days. If you need a longer retention period, consider adjusting the PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled attribute during PITR configuration.

Necessary Code

To enable point-in-time recovery for a DynamoDB table, use the following AWS CLI command:

aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

You can retrieve the current status of PITR for a table using the describe-continuous-backups command:

aws dynamodb describe-continuous-backups --table-name <table-name>

Step-by-Step Guide for Remediation

Follow these steps to enable point-in-time recovery for your DynamoDB table:

  1. Install and configure the AWS CLI (Command Line Interface) on your local machine.

  2. Open the command line interface or terminal.

  3. Run the following command to enable PITR for the desired DynamoDB table:

     aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

     Replace <table-name> with the name of your DynamoDB table.

  4. Wait for the command execution to complete. You should receive a success response indicating that point-in-time recovery has been enabled.

  5. You can verify the status of PITR for the table by running the following command:

     aws dynamodb describe-continuous-backups --table-name <table-name>

     Review the output to ensure that PointInTimeRecoveryDescription.PointInTimeRecoveryStatus is set to "ENABLED" for the table.

Congratulations! You have successfully enabled point-in-time recovery for your DynamoDB table, providing an additional layer of data protection and recoverability.
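The table-status check, PITR-status check, enable command and verification described above can be combined into one idempotent script. This is an added example, not Cloud Defense's or AWS's own code; the function names (table_status, pitr_status, ensure_pitr, ensure_all) and the return codes are assumptions, and it expects an AWS CLI already configured with credentials and a region.

```bash
#!/usr/bin/env bash
# Added example: idempotent PITR remediation built from the page's checks.
# Assumes AWS CLI v2 with credentials and a default region configured.

# Print the table's lifecycle status (ACTIVE, CREATING, UPDATING, ...).
table_status() {
  aws dynamodb describe-table --table-name "$1" \
    --query 'Table.TableStatus' --output text
}

# Print ENABLED or DISABLED for the table's point-in-time recovery.
pitr_status() {
  aws dynamodb describe-continuous-backups --table-name "$1" \
    --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
    --output text
}

# Enable PITR on one table only when needed, then verify the result.
# Returns 0 = enabled, 1 = table not ACTIVE, 2 = enable/verify failed,
# 3 = table could not be described (missing table or missing permission).
ensure_pitr() {
  local table="$1" status
  status="$(table_status "$table")" || return 3
  if [ "$status" != "ACTIVE" ]; then
    echo "$table: status is $status, not ACTIVE; skipped" >&2
    return 1
  fi
  if [ "$(pitr_status "$table")" = "ENABLED" ]; then
    echo "$table: PITR already enabled"
    return 0
  fi
  aws dynamodb update-continuous-backups --table-name "$table" \
    --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true \
    >/dev/null || return 2
  [ "$(pitr_status "$table")" = "ENABLED" ] || return 2
  echo "$table: PITR enabled"
}

# Apply ensure_pitr to every table in the region; non-zero if any failed.
ensure_all() {
  local t rc=0
  for t in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
    ensure_pitr "$t" || rc=1
  done
  return "$rc"
}

# Usage: script.sh <table-name> | script.sh --all  (no argument: define only)
case "${1:-}" in "") ;; --all) ensure_all ;; *) ensure_pitr "$1" ;; esac
```

The script calls the DescribeTable, DescribeContinuousBackups, UpdateContinuousBackups and (with --all) ListTables operations, so the caller needs the matching dynamodb: IAM actions for each of them.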
