Rule: DynamoDB Tables in Backup Plan

Ensure all DynamoDB tables are included in a backup plan to prevent data loss.

Rule: DynamoDB tables should be in a backup plan
Framework: Federal Financial Institutions Examination Council (FFIEC)
Severity: Medium

DynamoDB Backup Compliance for FFIEC

Amazon DynamoDB is a fully managed NoSQL database service that supports key-value and document data structures. For financial institutions regulated by the Federal Financial Institutions Examination Council (FFIEC), it's crucial to ensure that data stored in DynamoDB tables is backed up consistently to meet compliance requirements. The FFIEC mandates that financial institutions establish a robust backup plan to prevent data loss and ensure business continuity.

Rule Description

The FFIEC requires that all DynamoDB tables that store financial data implement a backup plan that:

  • Runs backups at least daily or as per the data criticality and recovery point objectives.
  • Encrypts backup data both in transit and at rest.
  • Retains backups for a defined period, typically seven years for compliance.
  • Ensures backups are stored securely off-site or with a geo-redundancy strategy.
  • Tests restoration procedures periodically to verify backup integrity.

Backup Strategy in DynamoDB

On-Demand Backup and Restore

On-Demand Backup allows you to create full backups of your DynamoDB tables for long-term retention and archival for regulatory compliance needs. These backups are consistent within seconds without any impact on table performance or availability.

Code for On-Demand Backup

aws dynamodb create-backup --table-name YourTableName --backup-name YourBackupName

Continuous Backups with Point-In-Time Recovery (PITR)

PITR provides continuous backups of your DynamoDB table data, and you can restore to any point in time within the last 35 days.

Enable PITR using AWS CLI

aws dynamodb update-continuous-backups --table-name YourTableName --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

Remediation Steps

Step 1: Set Up Backup Plan

Determine the backup frequency according to your data criticality. Select a backup method (On-Demand or PITR).

Step 2: Configure Encryption

Ensure backup encryption is enabled by using AWS Key Management Service (KMS) to manage encryption keys.

Step 3: Define Retention Policy

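Define the backup retention policy as per compliance requirements (e.g., seven years for FFIEC). PITR's 35-day restore window does not cover a retention period of that length on its own, so long-term retention has to come from on-demand backups or AWS Backup.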

Step 4: Store Backups Securely

Ensure off-site or geo-redundancy by storing backups across multiple AWS regions or using AWS Backup service.

Step 5: Periodic Restoration Testing

Schedule and document periodic tests of the restoration process to verify the integrity of the backups.

Test Restore using AWS CLI

aws dynamodb restore-table-to-point-in-time --source-table-name YourTableName --target-table-name YourRestoredTableName --use-latest-restorable-time

Step 6: Monitoring and Alarms

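Set up monitoring using Amazon CloudWatch and configure alarms for backup failures. DynamoDB does not publish a BackupFailure metric in the AWS/DynamoDB namespace; for tables backed up through AWS Backup, failed jobs are reported as NumberOfBackupJobsFailed in the AWS/Backup namespace. A single failed job produces one data point, so the alarm evaluates one period and treats missing data as not breaching.

aws cloudwatch put-metric-alarm --alarm-name DynamoDBBackupFailure --namespace AWS/Backup --metric-name NumberOfBackupJobsFailed --dimensions Name=ResourceType,Value=DynamoDB --statistic Sum --period 300 --threshold 1 --comparison-operator GreaterThanOrEqualToThreshold --evaluation-periods 1 --treat-missing-data notBreaching --alarm-actions arn:aws:sns:region:account-id:alert-topic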
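The coverage checks behind the remediation steps can be evaluated per table. The following Python is an added example, not code from the original page or the vendor's tooling; it works on constructed JSON shaped like the output of aws dynamodb list-tables, aws backup list-protected-resources and aws dynamodb describe-continuous-backups. The table names, account ID, region and timestamps are constructed, and the one-day threshold is an assumption taken from the "at least daily" requirement.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample data shaped like AWS CLI JSON output (no real resources).
TABLES = {"TableNames": ["ledger", "sessions", "audit-log"]}  # dynamodb list-tables
ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/"  # placeholder account and region
PROTECTED = {"Results": [  # backup list-protected-resources
    {"ResourceArn": ARN + "ledger", "ResourceType": "DynamoDB",
     "LastBackupTime": "2024-05-02T03:00:00+00:00"},
    {"ResourceArn": ARN + "audit-log", "ResourceType": "DynamoDB",
     "LastBackupTime": "2024-04-28T03:00:00+00:00"},
]}

def _pitr(status):  # one dynamodb describe-continuous-backups response
    return {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": status}}}

PITR = {"ledger": _pitr("ENABLED"), "sessions": _pitr("DISABLED"),
        "audit-log": _pitr("ENABLED")}

def audit(tables, protected, pitr, now, max_age=timedelta(days=1)):
    """Return {table: [findings]} for tables that miss the backup requirements."""
    last_backup = {}
    for res in protected["Results"]:
        if res["ResourceType"] == "DynamoDB":
            name = res["ResourceArn"].split(":table/", 1)[1]
            last_backup[name] = datetime.fromisoformat(res["LastBackupTime"])
    report = {}
    for name in tables["TableNames"]:
        findings = []
        if name not in last_backup:
            findings.append("no AWS Backup recovery point")
        elif now - last_backup[name] > max_age:
            findings.append("last backup older than daily objective")
        desc = pitr.get(name, {}).get("ContinuousBackupsDescription", {})
        status = desc.get("PointInTimeRecoveryDescription", {}).get(
            "PointInTimeRecoveryStatus")
        # ContinuousBackupsStatus alone does not show that PITR is switched on.
        if status != "ENABLED":
            findings.append("PITR disabled")
        if findings:
            report[name] = findings
    return report

if __name__ == "__main__":
    now = datetime(2024, 5, 2, 12, 0, tzinfo=timezone.utc)  # constructed audit time
    for table, findings in audit(TABLES, PROTECTED, PITR, now).items():
        print(table, "->", "; ".join(findings))
```

Against a live account, the three inputs would be the JSON returned by the corresponding CLI calls, with describe-continuous-backups run once per table.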

Conclusion

By following these detailed guidelines, financial institutions under the FFIEC's regulation can ensure their DynamoDB tables are backed up in compliance with the established rules. This effectively mitigates the risks of data loss, upholds data governance, and maintains the institution's reputation. Regular auditing and updating of the backup plan are essential to maintain compliance with evolving FFIEC standards.
