Rule: DynamoDB Tables Should Be in a Backup Plan
Ensure all DynamoDB tables are included in a backup plan to maintain data integrity and recovery options.
| Rule | DynamoDB tables should be in a backup plan |
| Framework | NIST Cybersecurity Framework (CSF) v1.1 |
| Severity | ✔ Medium |
DynamoDB Backup Compliance with NIST Cybersecurity Framework (CSF) v1
The NIST Cybersecurity Framework (CSF) emphasizes the importance of maintaining data integrity and availability through regular backups. As such, it's crucial to include Amazon DynamoDB tables in your organization's backup plan.
Overview of NIST CSF Compliance for DynamoDB
The NIST CSF v1 requires organizations to implement recovery planning and routine data backup processes. For DynamoDB, this implies:
- Ensuring that backups are created regularly and automatically.
- Protecting backup data from unauthorized access.
- Verifying backup integrity and availability.
- Enabling quick restoration in the event of data loss.
Creating DynamoDB Backups for CSF Compliance
Step-by-Step Guide
1. Automated Backup Configuration
- Go to the AWS Management Console.
- Navigate to DynamoDB.
- Select the table you want to back up.
- Choose the 'Backups' tab.
- Click on 'Enable' under Point-in-time recovery (PITR).
2. On-Demand Backup (for individual table)
- Still in the 'Backups' tab, click on 'Create backup'.
- Name your backup and add any necessary tags.
- Click 'Create' to start the backup process.
Necessary AWS CLI Commands
Enable PITR:
aws dynamodb update-continuous-backups --table-name <TableName> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
Create On-Demand Backup:
aws dynamodb create-backup --table-name <TableName> --backup-name <BackupName>
Verification and Access Control
Verify Backup Integrity
Periodically check the integrity of the backups by restoring a test table from a backup.
Implement IAM Policies for Access Control
Create IAM policies that restrict backup access to authorized personnel only.
CLI Command for Backup Verification (restore to test table)
aws dynamodb restore-table-from-backup --target-table-name <TestTableName> --backup-arn <BackupARN>
Restoration Process
In the event of data loss:
Restoration Steps
- 1.Go to the AWS Management Console.
- 2.In DynamoDB, select 'Backups'.
- 3.Choose the appropriate backup.
- 4.Select 'Restore' to initiate the restoration process.
CLI Command for Table Restoration
aws dynamodb restore-table-to-point-in-time --source-table-name <TableName> --target-table-name <NewTableName> --restore-date-time <RestoreDateTime>
By integrating DynamoDB tables into your backup plan, you help ensure compliance with the NIST Cybersecurity Framework. The process helps protect your data against incidents and aligns with the CSF's goal of maintaining organizational resilience. Accurate implementation and regular verification of backups are crucial steps in this process.