Enable DynamoDB Table Point-in-Time Recovery Rule
This rule requires enabling Point-in-Time Recovery for DynamoDB tables for data protection.
| Rule | DynamoDB table point-in-time recovery should be enabled |
| Framework | GxP 21 CFR Part 11 |
| Severity | ✔ Low |
Rule Description: DynamoDB Table Point-in-Time Recovery for GxP 21 CFR Part 11
Rule Overview:
DynamoDB is a managed NoSQL database service provided by Amazon Web Services (AWS). Point-in-Time Recovery (PITR) is a feature in DynamoDB that enables you to restore your table data to any point in time during the retention period. For regulatory compliance purposes, it is necessary to enable Point-in-Time Recovery for GxP (Good Practice) 21 CFR Part 11 applications.
Troubleshooting Steps:
- 1.Check if the DynamoDB table is created using the correct configuration for GxP 21 CFR Part 11 compliance.
- 2.Verify if PITR is already enabled for the DynamoDB table. If not, proceed with enabling it.
- 3.Ensure that the retention period for PITR is set according to the regulatory requirements.
Necessary Code:
To enable Point-in-Time Recovery for a DynamoDB table, you can use the AWS Command Line Interface (CLI) or AWS SDKs. Below is an example of enabling PITR using AWS CLI.
aws dynamodb update-continuous-backups --table-name <table_name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
Replace
<table_name>Step-by-Step Guide for Remediation:
Step 1: Verify GxP 21 CFR Part 11 Compliance
Ensure that the DynamoDB table is created using the proper configuration for GxP 21 CFR Part 11 compliance. This includes adhering to the required security controls and data management practices.
Step 2: Enable Point-in-Time Recovery
Use the AWS CLI or AWS SDKs to enable Point-in-Time Recovery for the DynamoDB table. Follow the steps below:
- 1.Open your preferred terminal or command prompt.
- 2.Install and configure the AWS CLI if you haven't already.
- 3.Run the following command to enable PITR for the DynamoDB table:
aws dynamodb update-continuous-backups --table-name <table_name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
Replace
<table_name>Step 3: Set Retention Period
By default, Point-in-Time Recovery retains the backups for 35 days. However, for GxP 21 CFR Part 11 compliance, you may have specific retention period requirements. Follow the steps below to set the desired retention period:
- 1.Determine the required retention period based on regulatory guidelines.
- 2.Open the AWS Management Console and navigate to the DynamoDB service.
- 3.Select the relevant DynamoDB table for which you enabled PITR.
- 4.Click on the "Continuous backups" tab.
- 5.Locate the "Point-in-time recovery settings" section and click on "Edit".
- 6.Set the desired retention period by entering the number of days.
- 7.Click on "Save" to apply the changes.
Step 4: Validate Point-in-Time Recovery (Optional)
You can verify if Point-in-Time Recovery is functioning correctly by performing a test restore. This step is optional but recommended to ensure the integrity of your backups and recovery process.
- 1.Open the AWS Management Console and navigate to the DynamoDB service.
- 2.Select the relevant DynamoDB table for which you enabled PITR.
- 3.Click on the "Continuous backups" tab.
- 4.Locate the "Point-in-time recovery settings" section and note the latest restorable timestamp.
- 5.Click on the "Restore to time" button.
- 6.Enter the latest restorable timestamp or a timestamp within the retention period.
- 7.Select the destination table or create a new one.
- 8.Follow the on-screen instructions to complete the restore process.
Following these steps will help you enable Point-in-Time Recovery for your DynamoDB table and ensure compliance with GxP 21 CFR Part 11 regulations.