Enable DynamoDB Table Point-in-Time Recovery Rule

This rule ensures that DynamoDB table point-in-time recovery is enabled to maintain data integrity.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: Low

DynamoDB Table Point-in-Time Recovery for FedRAMP Moderate

Point-in-Time Recovery (PITR) is a feature provided by AWS DynamoDB that allows you to restore your DynamoDB table data to any second in time within the last 35 days. Enabling PITR can help you recover from accidental writes or deletes in your DynamoDB table. For FedRAMP Moderate Revision 4 compliance, maintaining this capability is critical to safeguard sensitive data and ensure continuity of operations.

Enabling Point-in-Time Recovery

Step-by-Step Guide

  1. AWS Management Console:

    1. Navigate to the DynamoDB section of the AWS Management Console.
    2. Select the table you want to enable PITR for.
    3. In the "Backups" section, click on "Point-in-time recovery".
    4. Click the "Enable" button.

  2. AWS CLI: Use the update-continuous-backups AWS CLI command:

    aws dynamodb update-continuous-backups --table-name YourTableName --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

    Replace YourTableName with the actual name of your DynamoDB table.

  3. AWS SDKs: Use the appropriate AWS SDK method for your programming language to enable PITR.

Troubleshooting Steps

If you encounter issues while enabling PITR, consider the following troubleshooting steps:

  1. Permissions: Ensure that your IAM role has the necessary permissions to manage DynamoDB backups (dynamodb:UpdateContinuousBackups).

  2. Resource Existence: Verify that the DynamoDB table exists. If it does not, the update command will not work.

  3. CLI/SDK Configuration: Ensure your AWS CLI or SDK is correctly configured with valid access keys, secret keys, and the correct region.

Validation

To confirm that PITR is enabled, do the following:

AWS Management Console

  • Navigate to the "Backups" section of your DynamoDB table, where you should see Point-in-time recovery listed as "Enabled."

AWS CLI

Run the following command to check the PITR status:

aws dynamodb describe-continuous-backups --table-name YourTableName

You should see "PointInTimeRecoveryDescription" with a status of "ENABLED."
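
The same check applied to every table in a region, as an added example (not code from this page or from AWS). It assumes a boto3 DynamoDB client is passed in; the function names pitr_enabled and audit_tables are hypothetical. It reads PointInTimeRecoveryStatus rather than ContinuousBackupsStatus, because DynamoDB reports ContinuousBackupsStatus as ENABLED on all tables.

```python
"""Audit DynamoDB tables for point-in-time recovery (added example)."""


def pitr_enabled(response):
    """Return True only if PointInTimeRecoveryStatus is ENABLED.

    `response` is the parsed output of describe-continuous-backups.
    ContinuousBackupsStatus is ENABLED on every table, so it is not
    used as the compliance signal.
    """
    desc = response.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == "ENABLED"


def audit_tables(client, remediate=False):
    """Check every table in the client's region and return {table: status}.

    status is "ENABLED", "DISABLED", "REMEDIATED" or "ERROR: <code>".
    `client` is assumed to be boto3.client("dynamodb") or a compatible stub.
    """
    results = {}
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            try:
                resp = client.describe_continuous_backups(TableName=name)
                if pitr_enabled(resp):
                    results[name] = "ENABLED"
                elif remediate:
                    # Needs dynamodb:UpdateContinuousBackups on the table.
                    client.update_continuous_backups(
                        TableName=name,
                        PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True},
                    )
                    results[name] = "REMEDIATED"
                else:
                    results[name] = "DISABLED"
            except Exception as exc:
                # botocore's ClientError carries the AWS error code in
                # exc.response; fall back to the exception class name.
                err = getattr(exc, "response", {}).get("Error", {})
                results[name] = f"ERROR: {err.get('Code', type(exc).__name__)}"
    return results
```

With boto3 installed and credentials configured, audit_tables(boto3.client("dynamodb")) reports the current region; an "ERROR: ..." entry corresponds to the permission and table-existence cases listed under Troubleshooting Steps.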

Remediation

In the event that you need to restore your table from a PITR backup, use the AWS Management Console or the AWS CLI:

  1. AWS Management Console:

    • Navigate to the DynamoDB section.
    • Find the table, click on "Backups", "Point-in-time recovery" and then select "Restore to point in time".

  2. AWS CLI: Use the restore-table-to-point-in-time command:

    aws dynamodb restore-table-to-point-in-time --source-table-name YourTableName --target-table-name NewTableName --restore-date-time TimeStamp

    Replace YourTableName with the source table name, NewTableName with the new table name, and TimeStamp with the desired restore time.

By following these best practices, you can ensure that your DynamoDB tables are compliant with FedRAMP Moderate requirements and are utilizing the PITR feature effectively to safeguard your data.
