Enable DynamoDB Table Point-in-Time Recovery Rule

This rule highlights the necessity of enabling point-in-time recovery for DynamoDB tables for contingency planning.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

Rule Description: DynamoDB table point-in-time recovery should be enabled for NIST 800-53 Revision 5.

Enabling point-in-time recovery (PITR) for DynamoDB tables is crucial for ensuring data durability and protection against accidental data loss or deletion. This rule requires that PITR is enabled on DynamoDB tables in compliance with the National Institute of Standards and Technology (NIST) 800-53 Revision 5 security framework.

Troubleshooting Steps: If point-in-time recovery is not enabled for a DynamoDB table, here are the troubleshooting steps you can follow:

  1. Verification: Check the current status of PITR for the DynamoDB table by navigating to the AWS Management Console or using the AWS CLI.

    AWS Management Console:

    • Go to the DynamoDB service in the AWS Management Console.
    • Select the respective table.
    • Under the "Overview" tab, check if "Point-in-time recovery" is enabled.

    AWS CLI: Run the following AWS CLI command to describe the table's continuous backups and check the "PointInTimeRecoveryDescription" attribute, whose "PointInTimeRecoveryStatus" should be ENABLED:

    aws dynamodb describe-continuous-backups --table-name <table-name>
    
  2. Enable Point-in-time Recovery: If PITR is not enabled, follow the steps below to enable it:

    AWS Management Console:

    • Go to the DynamoDB service in the AWS Management Console.
    • Select the respective table.
    • Under the "Overview" tab, click on the "Manage point-in-time recovery" button.
    • Enable point-in-time recovery and click "Apply changes".

    AWS CLI: Run the following AWS CLI command to enable PITR for the DynamoDB table:

    aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
    
  3. Verification (Post-enabling): Verify that PITR has been enabled for the DynamoDB table by following the verification steps mentioned in Step 1.

Remediation Steps: To remediate non-compliance with this rule and enable point-in-time recovery for DynamoDB tables:

  1. Identify the DynamoDB table(s) without PITR enabled using the troubleshooting steps mentioned above.

  2. Enable point-in-time recovery for the identified table(s) by following the steps mentioned in Step 2 of the troubleshooting section.

  3. Verify the successful enabling of PITR by following the verification steps mentioned in Step 3 of the troubleshooting section.

By following these steps, you will ensure that point-in-time recovery is enabled for the DynamoDB table(s) in compliance with NIST 800-53 Revision 5.
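
The verify, enable and re-verify steps above, scripted with the AWS CLI across every table in the CLI's current region. This is an added example, not CloudDefense's or AWS's own code; the function names and the audit/remediate arguments are hypothetical, and it assumes configured AWS CLI credentials and a default region.

```sh
#!/bin/sh
# Added example: audit and remediate PITR for every DynamoDB table in the
# CLI's current region. Function names are hypothetical; the aws subcommands
# and parameters are the real CLI ones.

# Print the table's PITR status (ENABLED/DISABLED), or UNKNOWN if the call
# fails, e.g. because the caller lacks dynamodb:DescribeContinuousBackups.
pitr_status() {
    aws dynamodb describe-continuous-backups --table-name "$1" \
        --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
        --output text 2>/dev/null || echo UNKNOWN
}

# Print "table<TAB>status" for every table that is not ENABLED.
# Returns 1 if any such table exists (usable as a pipeline gate),
# 2 if the table list itself could not be read.
audit_pitr() {
    tables=$(aws dynamodb list-tables --query 'TableNames[]' --output text) || return 2
    audit_rc=0
    for tbl in $tables; do
        st=$(pitr_status "$tbl")
        if [ "$st" != "ENABLED" ]; then
            printf '%s\t%s\n' "$tbl" "$st"
            audit_rc=1
        fi
    done
    return "$audit_rc"
}

# Enable PITR on one table (the same command as step 2 above).
enable_pitr() {
    aws dynamodb update-continuous-backups --table-name "$1" \
        --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True >/dev/null
}

# Enable PITR on each DISABLED table, then re-check it (step 3) and print the
# new status. UNKNOWN tables are skipped: they need a permissions fix first.
remediate_pitr() {
    audit_pitr | while read -r tbl st; do
        if [ "$st" = "DISABLED" ]; then
            enable_pitr "$tbl" && printf '%s\t%s\n' "$tbl" "$(pitr_status "$tbl")"
        fi
    done
}

# "sh pitr.sh audit" or "sh pitr.sh remediate"; no argument only defines functions.
case "${1:-}" in
    audit) audit_pitr ;;
    remediate) remediate_pitr ;;
esac
```

Tables reported as UNKNOWN are treated as non-compliant but left untouched, so a missing read permission cannot be mistaken for a passing check.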
