Rule: DynamoDB Table Point-In-Time Recovery Enabled

Ensure that DynamoDB table point-in-time recovery is enabled for data protection.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: CISA-cyber-essentials
Severity: Low

DynamoDB Table Point-in-Time Recovery

Description

DynamoDB is a fully managed NoSQL database service provided by Amazon Web Services (AWS). To ensure data durability and recovery in case of accidental deletes or updates, it is recommended to enable Point-in-Time Recovery (PITR) for DynamoDB tables. PITR allows you to restore the table to any point within a specified retention period, typically up to 35 days.

Enabling PITR is particularly important for organizations that adhere to the CISA Cyber Essentials framework. This helps enhance data protection, support incident response activities, and comply with regulatory requirements.

Troubleshooting Steps

No specific troubleshooting steps are required for enabling DynamoDB table Point-in-Time Recovery. However, if you encounter any issues during the process, please refer to the following guidelines:

  1. Verify that you have the necessary permissions to enable PITR for DynamoDB tables. Make sure your IAM user or role has the required privileges.
  2. Check if the table you want to enable PITR for is in the correct region and is in an active state.
  3. Ensure that the retention period for PITR is set appropriately based on your organization's requirements and compliance regulations.

Necessary Code

No custom code is required to enable DynamoDB table Point-in-Time Recovery. The configuration can be done entirely through the AWS Management Console or AWS Command Line Interface (CLI).

Step-by-Step Guide for Enabling DynamoDB Table Point-in-Time Recovery

AWS Management Console:

  1. Log in to the AWS Management Console.
  2. Navigate to the DynamoDB service.
  3. Select the desired region from the top-right corner if not already selected.
  4. In the navigation pane, click on "Tables" and select the table for which you want to enable PITR.
  5. Click on the "Backups and restores" tab.
  6. Under the "Point-in-time recovery" section, click on "Enable automatic backups".
  7. Set the retention period as per your organization's requirements.
  8. Click on the "Enable" button to enable PITR for the selected table.

AWS CLI:

  1. Open the AWS CLI or any terminal with AWS CLI configured.
  2. Run the following command to enable PITR for a DynamoDB table:

     aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

     Replace <table-name> with the name of the DynamoDB table for which you want to enable PITR.
  3. If the command is successful, the PointInTimeRecoveryStatus field under PointInTimeRecoveryDescription in the output will be set to "ENABLED".
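
To check the rule across every table in a region rather than one table at a time, the status can be read back programmatically. The Python below is an added example, not code from this page or from AWS; it reads the PointInTimeRecoveryStatus field returned by describe_continuous_backups, and the StubClient class with its table names is constructed sample data so the example runs without AWS access.

```python
def pitr_status(response):
    """Read PointInTimeRecoveryStatus from a describe_continuous_backups response."""
    pitr = response.get("ContinuousBackupsDescription", {}).get(
        "PointInTimeRecoveryDescription", {})
    # A missing block is reported as DISABLED so the check fails closed.
    return pitr.get("PointInTimeRecoveryStatus", "DISABLED")

def audit_pitr(client):
    """Map every table name to its PITR status, following list_tables pagination.
    `client` is a boto3 DynamoDB client or any object with the same two methods."""
    results, start = {}, None
    while True:
        kwargs = {"ExclusiveStartTableName": start} if start else {}
        page = client.list_tables(**kwargs)
        for name in page.get("TableNames", []):
            try:
                response = client.describe_continuous_backups(TableName=name)
                results[name] = pitr_status(response)
            except Exception as exc:  # e.g. the caller lacks permission
                results[name] = f"ERROR: {type(exc).__name__}"
        start = page.get("LastEvaluatedTableName")
        if not start:
            return results

def non_compliant(results):
    """Tables failing the rule: any status other than ENABLED, errors included."""
    return sorted(t for t, s in results.items() if s != "ENABLED")

class StubClient:
    """Constructed sample data standing in for AWS so the example runs offline."""
    pages = [{"TableNames": ["orders", "sessions"], "LastEvaluatedTableName": "sessions"},
             {"TableNames": ["audit-log"]}]
    status = {"orders": "ENABLED", "sessions": "DISABLED"}

    def list_tables(self, ExclusiveStartTableName=None):
        return self.pages[1] if ExclusiveStartTableName else self.pages[0]

    def describe_continuous_backups(self, TableName):
        if TableName not in self.status:
            raise PermissionError(TableName)  # simulates a denied call
        return {"ContinuousBackupsDescription": {"PointInTimeRecoveryDescription": {
            "PointInTimeRecoveryStatus": self.status[TableName]}}}

if __name__ == "__main__":
    # Real use (assumes boto3 and credentials): audit_pitr(boto3.client("dynamodb"))
    print(non_compliant(audit_pitr(StubClient())))  # ['audit-log', 'sessions']
```

Tables whose status could not be read are listed as non-compliant rather than skipped, so a permissions gap in the auditing role does not hide an unprotected table.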

Conclusion

Enabling DynamoDB table Point-in-Time Recovery is crucial for organizations, especially for those conforming to the CISA Cyber Essentials framework. It provides an additional layer of data recovery and helps meet compliance requirements. By following the provided step-by-step guide, you can easily enable PITR for your DynamoDB tables, enhancing data protection and aiding incident response activities.
