Enable Point-in-Time Recovery for DynamoDB Tables Rule

This rule ensures that DynamoDB tables have point-in-time recovery enabled.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: Low

Rule Description:

DynamoDB table point-in-time recovery should be enabled for NIST Cybersecurity Framework (CSF) v1.

Enabling point-in-time recovery for DynamoDB tables helps in protecting your data from accidental or malicious deletions or corruptions. It allows you to restore your table to any point in time within a specified retention period, providing an added layer of data protection and recovery capabilities.

This rule specifically focuses on aligning with the NIST Cybersecurity Framework (CSF) v1, which provides guidelines and best practices for managing and securing organizational information systems.

Troubleshooting Steps (if applicable):

If you encounter any issues while enabling point-in-time recovery for your DynamoDB table, follow these troubleshooting steps:

  1. Verify DynamoDB table existence: Ensure that the DynamoDB table exists in your AWS account and is spelled correctly.
  2. Check IAM permissions: Validate that the IAM user or role used to configure point-in-time recovery has appropriate permissions to access and modify the DynamoDB table.
  3. Review table status: Check the status of the DynamoDB table to ensure it is not undergoing any modifications or deletions. It may take a few moments for changes to take effect.
  4. Examine retention period: Confirm that the desired retention period for point-in-time recovery is within the allowed limits (minimum 1 day, maximum 35 days).
  5. Enable on supported regions: Verify that the AWS region where your DynamoDB table is located supports point-in-time recovery. Not all regions may offer this feature.

If the issue persists after following these troubleshooting steps, consider reaching out to AWS support for further assistance.

Necessary Codes (if applicable):

There are no specific codes for enabling point-in-time recovery for DynamoDB tables. The feature can be enabled using the AWS Management Console, AWS CLI, or the AWS SDKs.

Step-by-Step Guide for Remediation:

To enable point-in-time recovery for your DynamoDB table in line with the NIST Cybersecurity Framework (CSF) v1, follow these steps:

  1. AWS Management Console:

    • Log in to the AWS Management Console.
    • Navigate to the DynamoDB service.
    • Select the desired DynamoDB table.
    • Click on the "Manage continuous backups" tab.
    • Click the "Enable" button to enable point-in-time recovery.
    • Set the desired retention period (within the allowed range of 1 to 35 days).
    • Click "Save" to apply the changes.
  2. AWS CLI:

    • Open the AWS CLI or use an integrated terminal in an IDE.
    • Run the following command to enable point-in-time recovery for a DynamoDB table:
      aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

    • Optionally, specify the retention period in days by adding RecoveryPeriodInDays to the specification:
      aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true,RecoveryPeriodInDays=<retention-period>
  3. AWS SDKs:

    • Utilize the AWS SDK specific to your programming language.
    • Use the appropriate SDK method or API call to enable point-in-time recovery on the DynamoDB table.
    • Set the desired retention period if the SDK supports it.
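
The SDK route above, as an added example using boto3 (not code from this page or from AWS): it audits every table in a region against this rule and can enable point-in-time recovery on the ones that fail. The function names, the region argument and the sample responses are assumptions made for illustration, and RecoveryPeriodInDays needs a recent boto3 release.

```python
MIN_DAYS, MAX_DAYS = 1, 35  # retention limits stated on this page


def pitr_finding(table_name, response):
    """Evaluate one DescribeContinuousBackups response against the rule."""
    desc = response.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    enabled = pitr.get("PointInTimeRecoveryStatus") == "ENABLED"
    days = pitr.get("RecoveryPeriodInDays") if enabled else None
    return {"table": table_name, "compliant": enabled, "recovery_period_days": days}


def build_spec(days=None):
    """Build PointInTimeRecoverySpecification, rejecting out-of-range retention."""
    spec = {"PointInTimeRecoveryEnabled": True}
    if days is not None:
        if not MIN_DAYS <= days <= MAX_DAYS:
            raise ValueError(f"retention must be {MIN_DAYS}-{MAX_DAYS} days, got {days}")
        spec["RecoveryPeriodInDays"] = days
    return spec


def audit(region, fix=False, days=None):
    """List every table in the region, report PITR status, enable it if fix=True."""
    import boto3  # imported lazily so the helpers above run without the SDK

    client = boto3.client("dynamodb", region_name=region)
    spec = build_spec(days)  # validate retention before touching any table
    findings = []
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            resp = client.describe_continuous_backups(TableName=name)
            finding = pitr_finding(name, resp)
            if fix and not finding["compliant"]:
                client.update_continuous_backups(
                    TableName=name, PointInTimeRecoverySpecification=spec)
                finding["remediated"] = True
            findings.append(finding)
    return findings


# Constructed sample responses (not captured from a real account).
SAMPLE_ON = {"ContinuousBackupsDescription": {
    "ContinuousBackupsStatus": "ENABLED",
    "PointInTimeRecoveryDescription": {
        "PointInTimeRecoveryStatus": "ENABLED", "RecoveryPeriodInDays": 35}}}
SAMPLE_OFF = {"ContinuousBackupsDescription": {
    "ContinuousBackupsStatus": "ENABLED",
    "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "DISABLED"}}}
```

Call audit(region) first to get a read-only report, then rerun with fix=True once the list of non-compliant tables has been reviewed.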

By following these steps, you will enable point-in-time recovery for your DynamoDB table, aligning with the NIST Cybersecurity Framework (CSF) v1. This will help protect your data and provide recovery capabilities in case of any accidental or malicious incidents.
