Enable DynamoDB Table Point-In-Time Recovery Rule
This rule ensures that DynamoDB table point-in-time recovery is enabled.
| Rule | DynamoDB table point-in-time recovery should be enabled |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Low |
Rule Description:
DynamoDB table point-in-time recovery should be enabled for NIST Cybersecurity Framework (CSF) v1.
Enabling point-in-time recovery for DynamoDB tables is an important security measure to ensure data protection and recovery in case of accidental modification or deletion. This rule specifically requires the implementation of point-in-time recovery for DynamoDB tables in alignment with the NIST Cybersecurity Framework (CSF) version 1.
Troubleshooting Steps:
If point-in-time recovery is not enabled for the DynamoDB table or if the configuration is incorrect, follow these troubleshooting steps:
- 1.
Check if point-in-time recovery is enabled for the DynamoDB table:
- Access the AWS Management Console or use the AWS Command Line Interface (CLI) to log in to your AWS account.
- Navigate to the DynamoDB service.
- Locate the specific table in question and select it.
- Look for the "Point-in-time Recovery" option and ensure it is enabled.
- 2.
Verify the DynamoDB table is associated with the correct backup settings:
- In the DynamoDB console, select the desired table.
- Open the "Overview" tab.
- Under "Backup/Restore" section, ensure that point-in-time recovery is enabled.
- If not enabled, click on "Manage Continuous Backups" to enable point-in-time recovery.
- 3.
Check if the desired backup retention period is set:
- In the DynamoDB console, select the desired table.
- Open the "Overview" tab.
- Under "Backup/Restore" section, verify the backup retention period.
- If the retention period does not meet the requirements of the NIST CSF v1, Edit the "Continuous Backups" settings and increase the retention period.
Necessary Codes:
There are no specific codes needed to enable point-in-time recovery for a DynamoDB table as it can be done through the AWS Management Console or CLI. However, here is an example of AWS CLI command to enable point-in-time recovery for a DynamoDB table:
aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
Replace
<table-name>Step-by-Step Guide for Remediation:
To enable point-in-time recovery for a DynamoDB table in alignment with the NIST CSF v1, follow these steps:
- 1.
Using AWS Management Console:
- Log in to your AWS account.
- Navigate to the DynamoDB service.
- Select the desired DynamoDB table.
- In the "Overview" tab, under "Backup/Restore" section, click on "Manage Continuous Backups".
- Enable point-in-time recovery by selecting the option to enable.
- Set the desired backup retention period as per the requirements of the NIST CSF v1.
- Save the changes.
- 2.
Using AWS CLI:
- Install and configure the AWS CLI if not already done.
- Open a command prompt or terminal.
- Execute the following command, replacing
with the actual name of the DynamoDB table:<table-name>aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True - Verify the command executed successfully and the point-in-time recovery is enabled for the specified DynamoDB table.
Ensure to validate the successful remediation by verifying if the point-in-time recovery is enabled for the DynamoDB table aligned with the NIST CSF v1 requirements.