Protect DynamoDB Table with Backup Plan Rule

This rule ensures that a DynamoDB table is protected by a backup plan.

Rule: DynamoDB table should be protected by backup plan
Framework: NIST Cybersecurity Framework (CSF) v1.1
Severity: High

Rule Description

The DynamoDB table should be protected by a backup plan that adheres to the guidelines provided by the NIST Cybersecurity Framework (CSF) v1. The CSF is a set of best practices developed by the National Institute of Standards and Technology (NIST) to enhance the security and resilience of critical infrastructure systems.

Troubleshooting Steps

If the backup plan is not implemented or does not comply with the NIST CSF v1 guidelines, follow these troubleshooting steps:

  1. Review Backup Plan: Ensure that a backup plan exists for the DynamoDB table in question. Verify if the backup plan aligns with the NIST CSF v1 requirements.

  2. Backup Schedule: Check the backup plan to ensure that it includes a schedule for regular backups. The schedule should consider the criticality and sensitivity of the data stored in the DynamoDB table.

  3. Backup Retention Period: Verify that the backup plan specifies an appropriate retention period for the backups. The retention period should be defined based on the recovery needs and compliance requirements of the organization.

  4. Backup Encryption: Ensure that the backups are encrypted to protect the data from unauthorized access or disclosure. Check if the encryption keys used for backup encryption are managed securely.

  5. Testing Backup Restores: It is important to periodically test the restoration of backups to ensure their integrity and effectiveness. Verify if the backup plan includes a process for testing and validating backup restores.

  6. Monitoring and Alerting: Implement a monitoring and alerting mechanism to be notified of any backup failures or anomalies. This helps in proactive identification and resolution of backup-related issues.

Necessary Codes

No specific code is required for this rule. However, you may need AWS CLI commands to configure and manage the backup plan for DynamoDB tables. Refer to the following step-by-step guide for remediation.

Step-by-Step Guide for Remediation

Please follow the steps below to protect your DynamoDB table by creating a backup plan that complies with the NIST CSF v1 guidelines.

  1. Install AWS CLI: If you haven't already installed the AWS Command Line Interface (CLI), follow the instructions provided by AWS to install and configure it on your local machine.

  2. Create a Backup Vault: To store the backups, create a backup vault using the AWS CLI command:

    aws backup create-backup-vault --backup-vault-name <vault-name>

    Replace <vault-name> with a unique and descriptive name for your backup vault.

  3. Create a Backup Plan: Create a backup plan that includes your DynamoDB table using the AWS CLI command:

    aws backup create-backup-plan --backup-plan file://<backup-plan-json>

    Replace <backup-plan-json> with the path to a JSON file that contains your backup plan configuration (the file:// prefix tells the CLI to read the document from that file). Ensure that the backup plan adheres to the NIST CSF v1 guidelines, including backup schedule, retention period, and encryption settings.

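  4. Assign Backup Plan to Table(s): Associate the backup plan with your DynamoDB table using the AWS CLI command:

    aws backup start-backup-job --backup-vault-name <vault-name> --resource-arn <dynamodb-table-arn> --iam-role-arn <iam-role-arn>

    Replace <vault-name> with the name of the backup vault created in Step 2, <dynamodb-table-arn> with the Amazon Resource Name (ARN) of the DynamoDB table you want to protect, and <iam-role-arn> with the ARN of the IAM role that AWS Backup assumes to create the backup (the command fails without it). Note that start-backup-job runs a single on-demand backup of the table into the vault. For the table to be covered by the plan's schedule, it must also be listed in a backup selection attached to the plan, which is created with aws backup create-backup-selection.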

  5. Verify Backup Status: Monitor the backup job status using the AWS CLI command:

    aws backup describe-backup-job --backup-job-id <backup-job-id>

    Replace <backup-job-id> with the ID of the backup job obtained from the previous command. Ensure that backups are successfully created and stored in the backup vault.

  6. Test Backup Restoration: Periodically test the restoration of backups to ensure their integrity and effectiveness. Use the AWS CLI command:

    aws backup start-restore-job --recovery-point-arn <recovery-point-arn> --metadata <metadata-json>

    Replace <recovery-point-arn> with the ARN of the recovery point obtained from the Describe Backup Job command, and <metadata-json> with the necessary configuration for the restore operation.

  7. Enable Backup Monitoring: Enable monitoring and alerting for backup jobs to receive notifications for any failures or anomalies. Consult the AWS documentation for configuring CloudWatch Events or other applicable monitoring options.

Following these steps will help you protect your DynamoDB table with a backup plan that complies with the NIST CSF v1 guidelines.
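The backup plan document from Step 3 and the table-to-plan assignment from Step 4, shown here as an added example rather than code from the original page or from AWS. The vault name, table ARN, role ARN, daily schedule and 35-day retention are constructed placeholders to replace with your own values.

```shell
#!/usr/bin/env bash
# Added example. Every name, ARN, schedule and retention value below is a
# constructed placeholder; substitute your own.
VAULT="${VAULT:-dynamodb-backup-vault}"
TABLE_ARN="${TABLE_ARN:-arn:aws:dynamodb:us-east-1:111122223333:table/Orders}"
ROLE_ARN="${ROLE_ARN:-arn:aws:iam::111122223333:role/service-role/AWSBackupDefaultServiceRole}"

# Backup plan document: one daily rule with an explicit retention period.
# $1 = name of the vault that receives the recovery points.
plan_json() {
  cat <<EOF
{
  "BackupPlanName": "dynamodb-daily",
  "Rules": [
    {
      "RuleName": "daily-35-day-retention",
      "TargetBackupVaultName": "$1",
      "ScheduleExpression": "cron(0 5 ? * * *)",
      "StartWindowMinutes": 60,
      "CompletionWindowMinutes": 180,
      "Lifecycle": { "DeleteAfterDays": 35 }
    }
  ]
}
EOF
}

# Backup selection: this is what binds the table to the plan's schedule.
# $1 = IAM role AWS Backup assumes, $2 = DynamoDB table ARN.
selection_json() {
  cat <<EOF
{
  "SelectionName": "dynamodb-tables",
  "IamRoleArn": "$1",
  "Resources": ["$2"]
}
EOF
}

# Create the plan, capture its ID, then attach the table to it.
apply_plan() {
  plan_id=$(aws backup create-backup-plan \
    --backup-plan "$(plan_json "$VAULT")" \
    --query BackupPlanId --output text) || return 1
  aws backup create-backup-selection --backup-plan-id "$plan_id" \
    --backup-selection "$(selection_json "$ROLE_ARN" "$TABLE_ARN")"
}

# Only touch the account when asked to: APPLY=1 ./protect-table.sh
if [ "${APPLY:-0}" = "1" ]; then apply_plan; fi
```

Run without APPLY=1 to review the generated documents first, for example by calling plan_json with your vault name. Backup encryption is governed by the vault's KMS key, which can be set when the vault is created with the --encryption-key-arn option of create-backup-vault.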
