This rule requires enabling point-in-time recovery for DynamoDB tables.
Rule | DynamoDB table point-in-time recovery should be enabled |
Framework | GxP EU Annex 11 |
Severity | ✔ Low |
Rule Description:
This rule ensures that the Amazon DynamoDB table has point-in-time recovery (PITR) enabled for compliance with GxP EU Annex 11, which mandates the preservation of data integrity and traceability in the European Union pharmaceutical industry.
Point-in-time recovery allows you to restore a table to any second within a 35-day window, providing protection against accidental data loss, table corruption, or malicious actions. Enabling PITR for DynamoDB tables in compliance with GxP EU Annex 11 ensures the availability of historic data for auditing purposes and regulatory compliance.
Troubleshooting Steps:
If point-in-time recovery is not enabled for the DynamoDB table, follow these steps to troubleshoot and enable it:
Verify whether the table has point-in-time recovery enabled by checking the DynamoDB console or using the AWS Command Line Interface (CLI) command:
aws dynamodb describe-continuous-backups --table-name TableName
Replace TableName with the actual name of the DynamoDB table.
If point-in-time recovery is not enabled, enable it using the following AWS CLI command:
aws dynamodb update-continuous-backups --table-name TableName --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
Replace TableName with the actual name of the DynamoDB table.
To verify that point-in-time recovery is enabled after running the command, execute the describe command again:
aws dynamodb describe-continuous-backups --table-name TableName
Ensure that you have the necessary permissions to enable point-in-time recovery in DynamoDB. The IAM user or role associated with the AWS CLI commands should have appropriate permissions for updating continuous backups.
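The describe, enable, and verify sequence above, applied to every table in the current region, as an added example that is not part of the original rule text. The function names are illustrative, and it assumes the AWS CLI is configured with permission to list tables and to describe and update continuous backups. It reads PointInTimeRecoveryStatus rather than ContinuousBackupsStatus, because the latter can report ENABLED while PITR itself is off.

```shell
#!/usr/bin/env bash
# Added example: PITR audit across all DynamoDB tables in the current region.
# Function names are illustrative, not from the rule text.

# Print one table's PITR status. Reads PointInTimeRecoveryStatus, because
# ContinuousBackupsStatus can be ENABLED while PITR itself is off.
pitr_status() {
  aws dynamodb describe-continuous-backups --table-name "$1" \
    --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
    --output text
}

# Enable PITR on one table (the update command from the steps above).
enable_pitr() {
  aws dynamodb update-continuous-backups --table-name "$1" \
    --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True \
    >/dev/null
}

# audit_pitr [--fix]: print "<table> <status>" per table.
# Returns 0 if every table ends up ENABLED, 1 if any does not,
# 2 if the table list could not be read (never report "clean" on an API error).
audit_pitr() {
  local fix tables table status rc
  fix="${1:-}"
  rc=0
  tables=$(aws dynamodb list-tables --query 'TableNames[]' --output text) || return 2
  for table in $tables; do
    status=$(pitr_status "$table") || status="ERROR"
    if [ "$status" != "ENABLED" ] && [ "$fix" = "--fix" ]; then
      # Re-read after enabling so the report reflects the table's real state.
      enable_pitr "$table" && status=$(pitr_status "$table")
    fi
    printf '%s %s\n' "$table" "$status"
    [ "$status" = "ENABLED" ] || rc=1
  done
  return "$rc"
}

# Usage: audit_pitr          # report only
#        audit_pitr --fix    # enable PITR where it is missing, then report
```

The non-zero exit code on any non-compliant table lets the audit run as a scheduled job or pipeline gate.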
Remediation Steps:
Follow the steps below to enable point-in-time recovery for the DynamoDB table:
Open the AWS Management Console and go to the DynamoDB service dashboard.
Select the desired table for which you wish to enable point-in-time recovery.
Click on the "Continuous backups" tab.
Check if the "Continuous backups" option is enabled. If not, click on the "Enable" button.
Once enabled, a confirmation message will appear indicating that point-in-time recovery is being enabled.
Wait for some time until point-in-time recovery is successfully enabled for the table. This process may take a few minutes.
To verify whether point-in-time recovery is active for the table, navigate to the "Continuous backups" tab and check the "Status" field. It should show "ENABLED".
You have successfully enabled point-in-time recovery for the DynamoDB table in compliance with GxP EU Annex 11.
Please note that enabling point-in-time recovery incurs additional storage costs, so consider reviewing your storage limits and requirements accordingly.
Conclusion:
Enabling point-in-time recovery for the DynamoDB table is crucial for compliance with GxP EU Annex 11. By following the troubleshooting and remediation steps mentioned above, you can ensure that the required PITR feature is enabled, and your data remains intact, recoverable, and compliant with industry regulations.