Enable DynamoDB Table Point-in-Time Recovery Rule

This rule states that DynamoDB table point-in-time recovery should be enabled to ensure data safety and recovery options.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: FedRAMP Low Revision 4
Severity: Low

DynamoDB Table Point-in-Time Recovery for FedRAMP Low Revision 4

Rule Description:

DynamoDB is a fully managed NoSQL database service provided by AWS. Point-in-Time Recovery (PITR) is a feature that enables continuous backups of table data. In compliance with FedRAMP Low Revision 4 standards, it is necessary to enable PITR for DynamoDB tables to ensure data durability and availability. This rule ensures that PITR is enabled for all DynamoDB tables in order to meet the required security and compliance standards.

Troubleshooting Steps (if applicable):

If PITR is not enabled for a DynamoDB table, follow these troubleshooting steps:

  1. Verify IAM Permissions: Ensure that the user or role trying to enable PITR has the necessary permissions to perform this action. The dynamodb:UpdateContinuousBackups action is required.
  2. Check Table Status: Make sure the DynamoDB table is in an active state and has not been deleted or disabled.
  3. Supported Regions: Verify that PITR is supported in the region where the DynamoDB table is provisioned. PITR is available only in specific regions. Refer to the AWS documentation for the list of supported regions.

Necessary Code (if applicable):

To enable point-in-time recovery for a DynamoDB table, you can use the AWS Command Line Interface (CLI) or AWS SDKs with the appropriate programming language. Below is the sample code using AWS CLI:

aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True

Replace <table-name> with the actual name of the DynamoDB table you want to enable PITR for.

Step-by-Step Guide for Remediation:

Follow the steps below to enable point-in-time recovery for a DynamoDB table:

  1. Launch AWS CLI: Open your preferred terminal or command prompt and ensure that AWS CLI is installed and properly configured with your AWS IAM credentials.

  2. Execute Command: Run the following AWS CLI command to enable PITR for the desired DynamoDB table:

aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True

Replace <table-name> with the actual name of the DynamoDB table you want to enable PITR for.

  3. Verify PITR Status: After executing the command, verify the status of PITR by running the following command:
aws dynamodb describe-continuous-backups --table-name <table-name>

Replace <table-name> with the actual name of the DynamoDB table. Check the response for the PointInTimeRecoveryDescription field. It should show that PITR is enabled.

  4. Repeat for Additional Tables: If you have multiple DynamoDB tables that need PITR enabled, repeat steps 2 and 3 for each table.
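
For an account with many tables, steps 2 through 4 can be scripted. The following is an added example, not part of the original page or the vendor's tooling: it audits every table in the current region and enables PITR only where it is reported as disabled. The function names are hypothetical, and it assumes a configured AWS CLI whose principal also holds dynamodb:ListTables and dynamodb:DescribeContinuousBackups in addition to dynamodb:UpdateContinuousBackups.

```shell
# Added example: audit and remediate PITR across all tables in one region.
# Function names are hypothetical; only the aws subcommands are real.

# Print the PITR status of one table: ENABLED or DISABLED.
pitr_status() {
  aws dynamodb describe-continuous-backups --table-name "$1" \
    --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
    --output text
}

# Print "<table><TAB><status>" for every table that is not ENABLED.
# A failed describe call (missing IAM permission, table not active) is
# reported as UNKNOWN instead of being silently skipped.
noncompliant_tables() (
  for table in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
    status=$(pitr_status "$table") || status=UNKNOWN
    [ "$status" = "ENABLED" ] || printf '%s\t%s\n' "$table" "$status"
  done
)

# Enable PITR on every DISABLED table. Tables with any other status are
# left untouched and flagged, so they can be checked against the
# troubleshooting steps. Exit status is 0 only when nothing is unresolved.
enable_pitr_where_disabled() (
  unresolved=0
  report=$(noncompliant_tables)
  while read -r table status; do
    [ -n "$table" ] || continue
    if [ "$status" = "DISABLED" ] &&
       aws dynamodb update-continuous-backups --table-name "$table" \
         --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True \
         >/dev/null </dev/null; then
      echo "enabled: $table"
    else
      echo "needs attention: $table ($status)" >&2
      unresolved=1
    fi
  done <<EOF
$report
EOF
  exit "$unresolved"
)
```

Source the file and run noncompliant_tables for a read-only audit, or enable_pitr_where_disabled to remediate; the latter exits non-zero when any table still needs attention.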

Conclusion:

Enabling point-in-time recovery for DynamoDB tables helps ensure data durability and availability, meeting the FedRAMP Low Revision 4 compliance requirements. By following the provided steps and using the appropriate AWS CLI command, you can easily enable PITR for your DynamoDB tables, enhancing the security and compliance posture of your AWS infrastructure.
