Rule: DynamoDB Table Protected by Backup Plan

Ensure that your DynamoDB table is protected by implementing a backup plan.

Rule	DynamoDB table should be protected by backup plan
Framework	NIST Cybersecurity Framework (CSF) v1.1
Severity	✔ High

Rule Description

To ensure compliance with the NIST Cybersecurity Framework (CSF) v1, DynamoDB tables should have a backup plan in place. This backup plan is crucial to protect against data loss and ensure business continuity in the event of an incident.

Troubleshooting Steps

In case you encounter any issues or errors while implementing the backup plan for DynamoDB tables, you can follow these troubleshooting steps:

1.
Error: Backup plan creation failed
- Ensure that you have the necessary permissions to create backup plans in your AWS account.
- Check if the DynamoDB table exists and is correctly specified in the backup plan.
- Confirm that there is sufficient available storage for the backups.
- Review the error message for specific details and resolve any reported issues.

2.
Error: Backup plan schedule not working
- Verify that the backup plan's schedule is accurately configured according to your desired frequency.
- Ensure that there are no conflicts with other scheduled tasks or maintenance windows.
- Check if the IAM role associated with the backup plan has the necessary permissions to perform backups.

3.
Error: Backup restoration failed
- Ensure that the backup you are attempting to restore exists and is accessible.
- Confirm that the target DynamoDB table is not actively being used or has any conflicting operations in progress.
- Check for any specific error messages related to the restoration failure and address them accordingly.

Necessary Codes

To implement the backup plan for DynamoDB tables, you will need the following AWS CLI command:

aws backup create-backup-plan --backup-plan-name <backup_plan_name> --rule-name <rule_name> --backup-vault-name <backup_vault_name> --schedule-expression <schedule_expression> --start-window-minutes <start_window_minutes> --completion-window-minutes <completion_window_minutes> --region <region>

Replace the placeholders with the appropriate values:

```
<backup_plan_name>
```
: A unique name for the backup plan.
```
<rule_name>
```
: A name for the backup rule within the backup plan.
```
<backup_vault_name>
```
: The name of the backup vault where the backups will be stored.
```
<schedule_expression>
```
: The Cron expression defining the backup schedule.
```
<start_window_minutes>
```
: The number of minutes before the scheduled time to start the backup.
```
<completion_window_minutes>
```
: The number of minutes allowed for the backup to complete.
```
<region>
```
: The AWS region where the backup plan will be created.

Step-by-step Guide for Remediation

Follow these steps to configure a backup plan for your DynamoDB tables to comply with the NIST Cybersecurity Framework (CSF) v1:

1.

Identify the DynamoDB table: Determine the DynamoDB table(s) that require a backup plan.

2.
Create a backup vault: If you don't have a backup vault, create one to store the backups. You can use the AWS Backup service to create it either through the AWS Management Console or by using the AWS CLI command:
```
aws backup create-backup-vault --backup-vault-name <backup_vault_name> --region <region>
```
.

3.

Generate a backup plan: Create a backup plan that includes the desired schedule and retention period for backups. Use the AWS CLI command mentioned in the "Necessary Codes" section with appropriate values.

4.

Verify the backup plan: Double-check the created backup plan's details and confirm that it accurately reflects your intended settings.

5.

Monitor scheduled backups: Regularly monitor the execution of the backup plan and ensure that backups are occurring as scheduled. Check the AWS Backup service or relevant cloud automation tools for backup status and any reported errors.

6.

Perform backup restoration test: Periodically perform a test restore of the backup to validate its integrity. Confirm that the restored data matches the original DynamoDB table.

By following these steps, you can successfully protect your DynamoDB tables with a backup plan in alignment with the NIST Cybersecurity Framework (CSF) v1.

Rule: DynamoDB Table Protected by Backup Plan

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Rule Description

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Troubleshooting Steps

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Necessary Codes

.css-doq6ia{margin:0;font-family:Inter;font-weight:400;font-size:1.2857142857142858rem;line-height:1.5;color:#161857;text-align:left;font-size:26px;font-weight:700;margin-top:1rem;}Step-by-step Guide for Remediation

Is your System Free of Underlying Vulnerabilities? Find Out Now

Rule Description

Troubleshooting Steps

Necessary Codes

Step-by-step Guide for Remediation

Is your System Free of Underlying Vulnerabilities?
Find Out Now