Rule: DynamoDB Tables in Backup Plan

Ensure all DynamoDB tables are included in a backup plan for data protection.

Rule: DynamoDB tables should be in a backup plan
Framework: GxP EU Annex 11
Severity: Medium

DynamoDB Backup Compliance for GxP EU Annex 11

Overview of GxP EU Annex 11 and DynamoDB Backup Requirement

GxP EU Annex 11 refers to the European Union's guidelines on Good Manufacturing Practices (GMP), particularly concerning computerized systems. It requires that data critical to the quality of pharmaceutical products be reliably backed up and that these backups be regularly tested to ensure they can be restored.

For AWS DynamoDB, a managed NoSQL database service, meeting the GxP EU Annex 11 requirement means implementing routine backups and validating their integrity.

Implementing Backup Strategy for DynamoDB

Step 1: Enable Automated Backups

AWS DynamoDB supports on-demand and automated backups.

On-Demand Backups:

aws dynamodb create-backup --table-name <YourTableName> --backup-name <YourBackupName>

Replace <YourTableName> and <YourBackupName> with the name of your DynamoDB table and the desired name for your backup, respectively.

Automated Backups:

  • Go to the AWS Management Console.
  • Navigate to DynamoDB.
  • Select the table you want to back up.
  • In the "Backups" section, turn on "Point-In-Time Recovery."

No AWS CLI command is required for enabling Point-In-Time Recovery as it's a console-based toggle.

Step 2: Regularly Test Backups for Integrity

Ensure backups are functional by performing periodic test restorations.

Restore Command:

aws dynamodb restore-table-from-backup --target-table-name <YourRestoredTableName> --backup-arn <YourBackupARN>

Replace <YourRestoredTableName> and <YourBackupARN> with the name for the restored table and the ARN of your backup.

Step 3: Set Retention Policy for Backups

Define a retention policy that aligns with GxP requirements.

Retention Policy Implementation:

Automated backups with Point-In-Time Recovery have a 35-day retention period by default. For on-demand backups, you may delete them manually or use lifecycle policies if utilizing S3 for storing backups.

Delete an On-Demand Backup:

aws dynamodb delete-backup --backup-arn <YourBackupARN>

Replace <YourBackupARN> with the ARN of the backup you wish to delete.
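
The coverage this rule asks for can be checked across every table in an account with the same CLI. The script below is an added example, not part of the original page or of any vendor tooling; the function names and the file name audit.sh are hypothetical, and it assumes the AWS CLI is configured with credentials and a region.

```shell
#!/bin/sh
# Added example (not from the original page): report which DynamoDB tables are
# protected by Point-In-Time Recovery or by at least one on-demand backup.
# Assumes the AWS CLI is installed with credentials and a region configured.

# PITR status of one table: ENABLED or DISABLED.
pitr_status() {
  aws dynamodb describe-continuous-backups --table-name "$1" \
    --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
    --output text
}

# Number of on-demand (USER) backups of one table that are ready to restore.
available_backups() {
  aws dynamodb list-backups --table-name "$1" --backup-type USER \
    --query "length(BackupSummaries[?BackupStatus=='AVAILABLE'])" --output text
}

# Prints one tab-separated line per table: name, PITR status, backup count, verdict.
# A table passes if PITR is enabled or it has an AVAILABLE on-demand backup.
audit_tables() {
  for table in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
    pitr=$(pitr_status "$table") || pitr=UNKNOWN
    count=$(available_backups "$table") || count=0
    # Treat an empty or non-numeric count (API error, unexpected output) as zero.
    case "$count" in ''|*[!0-9]*) count=0 ;; esac
    if [ "$pitr" = "ENABLED" ] || [ "$count" -gt 0 ]; then
      verdict=PASS
    else
      verdict=FAIL
    fi
    printf '%s\t%s\t%s\t%s\n' "$table" "$pitr" "$count" "$verdict"
  done
}

# A FAIL line can be remediated with the create-backup command shown earlier,
# or by enabling PITR from the CLI:
#   aws dynamodb update-continuous-backups --table-name <YourTableName> \
#     --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

# Run the audit only when the script is invoked as: sh audit.sh run
if [ "${1:-}" = "run" ]; then
  audit_tables
fi
```

Saving the output of each run alongside the restore-test records gives dated evidence of which tables were covered.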

Regular Monitoring and Compliance Documentation

Step 1: Monitor Backup Activity

Enable CloudWatch alarms to monitor successful and failed backup attempts.

Step 2: Maintain Compliance Logs

Use AWS CloudTrail to track actions taken on DynamoDB resources.

AWS CloudTrail Setup:

  • Navigate to AWS CloudTrail in the AWS Management Console.
  • Make sure logging is enabled for DynamoDB events.

Step 3: Document Backup Procedures and Tests

Keep detailed records of backup schedules, testing procedures, and results to demonstrate compliance with GxP EU Annex 11.

Remediation for Backup Failures

If backup or recovery processes fail:

Troubleshooting and Remediation Steps:

  1. Check CloudWatch alarms and logs for error messages.
  2. Inspect AWS CloudTrail for any unauthorized or failed operations.
  3. If Point-In-Time Recovery fails, verify that it's enabled and that you're within the 35-day window.
  4. For on-demand backups, confirm that your user has the necessary IAM permissions.
  5. Contact AWS Support for assistance if backup or recovery issues persist.
