Ensure that DynamoDB tables are included in a backup plan for data resiliency.
| Rule | DynamoDB tables should be in a backup plan |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | Medium |
Rule Description:
DynamoDB tables used by the Federal Financial Institutions Examination Council (FFIEC) should be included in a backup plan to ensure data availability and resilience. Regular backups of the DynamoDB tables should be performed to protect against data loss, accidental deletions, and system failures. This rule aims to ensure that all critical data stored in DynamoDB tables is backed up and can be easily restored in the event of any unforeseen issues.
Troubleshooting Steps:
Verify Correct Backup Configuration: Check if the DynamoDB tables used by FFIEC have been correctly included in the backup plan. Ensure that each table has an appropriate backup frequency and retention period defined.
Validate Backup Frequency: Review the backup frequency for each DynamoDB table. Ensure that backups are scheduled at regular intervals to minimize the risk of data loss. Adjust the backup frequency if necessary.
Review Backup Retention Period: Evaluate the backup retention period for each DynamoDB table. Verify that the retention period aligns with the FFIEC's data retention policies and complies with any relevant regulations. Adjust the retention period if needed.
Validate Backup Status: Check the status of the most recent backups for all DynamoDB tables. Ensure that backups are successfully completed without any errors or failures. Investigate and resolve any backup issues reported.
Test Data Restoration: Periodically test the process of restoring data from the backups to validate the integrity and availability of the backup files. This step is essential to ensure that data can be effectively restored in case of a disaster or data loss event.
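Necessary Commands:
# Create the plan: daily at 12:00 UTC, 120-minute start window, move to cold storage after 90 days
aws backup create-backup-plan --backup-plan '{"BackupPlanName": "FFIEC_DynamoDB_Backup", "Rules": [{"RuleName": "FFIEC_DynamoDB_Rule", "TargetBackupVaultName": "FFIEC_Backup_Vault", "ScheduleExpression": "cron(0 12 * * ? *)", "StartWindowMinutes": 120, "Lifecycle": {"MoveToColdStorageAfterDays": 90}}]}'
# Assign the tables to the plan with a backup selection (selection name is an example; <backup-role-ARN> is the IAM role AWS Backup assumes)
aws backup create-backup-selection --backup-plan-id <backup-plan-id> --backup-selection '{"SelectionName": "FFIEC_DynamoDB_Tables", "IamRoleArn": "<backup-role-ARN>", "Resources": ["<DynamoDB-table-ARN-1>", "<DynamoDB-table-ARN-2>"]}'
# Show the plan's rules, schedule and lifecycle
aws backup get-backup-plan --backup-plan-id <backup-plan-id>
# Restore a recovery point into a new table
aws backup start-restore-job --recovery-point-arn <recovery-point-ARN> --metadata '{"targetTableName": "<restored-table-name>"}' --iam-role-arn <restore-role-ARN> --resource-type DynamoDB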
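The "included in the backup plan" and "backup status" checks from the troubleshooting steps, written as an added Python example (not part of the original page). It evaluates data shaped like the output of `aws backup get-backup-selection` and `aws backup list-recovery-points-by-resource`; it assumes ARN-based selections only (tag-based `ListOfTags` and `Conditions` are not evaluated), and the function names, two-day staleness threshold and all sample values are constructed.

```python
from datetime import datetime, timedelta, timezone
from fnmatch import fnmatchcase

def in_selection(arn, selection):
    """ARN matches a Resources pattern ('*' wildcard) and no NotResources pattern."""
    included = any(fnmatchcase(arn, p) for p in selection.get("Resources", []))
    excluded = any(fnmatchcase(arn, p) for p in selection.get("NotResources", []))
    return included and not excluded

def audit_tables(table_arns, selections, recovery_points, now, max_age=timedelta(days=2)):
    """Return {table_arn: finding} for every table that fails the rule.

    max_age is an assumed threshold: twice the daily schedule used on this page.
    """
    findings = {}
    for arn in table_arns:
        if not any(in_selection(arn, s) for s in selections):
            findings[arn] = "NOT_IN_BACKUP_PLAN"
            continue
        # Only COMPLETED recovery points count as a usable backup.
        completed = [rp["CreationDate"] for rp in recovery_points.get(arn, [])
                     if rp["Status"] == "COMPLETED"]
        if not completed:
            findings[arn] = "NO_COMPLETED_BACKUP"
        elif now - max(completed) > max_age:
            findings[arn] = "BACKUP_STALE"
    return findings

# Constructed sample data (account ID, table names and dates are made up).
PREFIX = "arn:aws:dynamodb:us-east-1:111122223333:table/"
NOW = datetime(2024, 1, 10, 12, 0, tzinfo=timezone.utc)
TABLES = [PREFIX + n for n in ("orders", "ledger", "scratch", "audit-log")]
SELECTIONS = [{"SelectionName": "ffiec-tables",
               "Resources": [PREFIX + "*"],
               "NotResources": [PREFIX + "scratch"]}]
RECOVERY_POINTS = {
    PREFIX + "orders": [{"Status": "COMPLETED", "CreationDate": NOW - timedelta(hours=6)}],
    PREFIX + "ledger": [{"Status": "COMPLETED", "CreationDate": NOW - timedelta(days=3)}],
    PREFIX + "audit-log": [{"Status": "PARTIAL", "CreationDate": NOW - timedelta(hours=6)}],
}

if __name__ == "__main__":
    for arn, finding in audit_tables(TABLES, SELECTIONS, RECOVERY_POINTS, NOW).items():
        print(finding, arn)
```

A table excluded through `NotResources` is reported as unprotected even when a wildcard in `Resources` appears to cover it, which is the case a manual review of the plan most easily misses.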
Remediation Steps:
Identify the backup plan associated with FFIEC DynamoDB tables.
Validate the backup frequency and retention period configured for each table.
If the backup plan is not in place, create a new backup plan specifically for FFIEC DynamoDB tables using the provided code snippet.
Update the backup plan to include the ARNs (Amazon Resource Names) of the DynamoDB tables used by FFIEC; in AWS Backup, resources are assigned through a backup selection attached to the plan.
Periodically monitor the backup status of each table to ensure successful backups.
Conduct regular tests to restore data from the backups and verify the integrity of the restored data.
Adjust backup frequency and retention period as per FFIEC's requirements or any changes in data retention policies.
Document all backup and restore procedures, including the relevant CLI commands and specific parameters used.
Conclusion:
By ensuring that DynamoDB tables used by FFIEC are included in a backup plan, organizations can safeguard critical data, comply with regulatory requirements, and protect against potential data loss or system failures. Regularly monitoring and testing the backup and restoration process are crucial steps to ensure the availability and resilience of the data stored in DynamoDB.