Cloud Defense Logo

Products

Solutions

Company

Book A Live Demo

Rule: DynamoDB Tables Should Be in a Backup Plan

Ensure all DynamoDB tables are included in a backup plan to maintain data integrity and recovery options.

RuleDynamoDB tables should be in a backup plan
FrameworkNIST Cybersecurity Framework (CSF) v1.1
Severity
Medium

DynamoDB Backup Compliance with NIST Cybersecurity Framework (CSF) v1

The NIST Cybersecurity Framework (CSF) emphasizes the importance of maintaining data integrity and availability through regular backups. As such, it's crucial to include Amazon DynamoDB tables in your organization's backup plan.

Overview of NIST CSF Compliance for DynamoDB

The NIST CSF v1 requires organizations to implement recovery planning and routine data backup processes. For DynamoDB, this implies:

  • Ensuring that backups are created regularly and automatically.
  • Protecting backup data from unauthorized access.
  • Verifying backup integrity and availability.
  • Enabling quick restoration in the event of data loss.

Creating DynamoDB Backups for CSF Compliance

Step-by-Step Guide

1. Automated Backup Configuration

  • Go to the AWS Management Console.
  • Navigate to DynamoDB.
  • Select the table you want to back up.
  • Choose the 'Backups' tab.
  • Click on 'Enable' under Point-in-time recovery (PITR).

2. On-Demand Backup (for individual table)

  • Still in the 'Backups' tab, click on 'Create backup'.
  • Name your backup and add any necessary tags.
  • Click 'Create' to start the backup process.

Necessary AWS CLI Commands

Enable PITR:

aws dynamodb update-continuous-backups --table-name <TableName> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True

Create On-Demand Backup:

aws dynamodb create-backup --table-name <TableName> --backup-name <BackupName>

Verification and Access Control

Verify Backup Integrity

Periodically check the integrity of the backups by restoring a test table from a backup.

Implement IAM Policies for Access Control

Create IAM policies that restrict backup access to authorized personnel only.

CLI Command for Backup Verification (restore to test table)

aws dynamodb restore-table-from-backup --target-table-name <TestTableName> --backup-arn <BackupARN>

Restoration Process

In the event of data loss:

Restoration Steps

  1. 1.
    Go to the AWS Management Console.
  2. 2.
    In DynamoDB, select 'Backups'.
  3. 3.
    Choose the appropriate backup.
  4. 4.
    Select 'Restore' to initiate the restoration process.

CLI Command for Table Restoration

aws dynamodb restore-table-to-point-in-time --source-table-name <TableName> --target-table-name <NewTableName> --restore-date-time <RestoreDateTime>

By integrating DynamoDB tables into your backup plan, you help ensure compliance with the NIST Cybersecurity Framework. The process helps protect your data against incidents and aligns with the CSF's goal of maintaining organizational resilience. Accurate implementation and regular verification of backups are crucial steps in this process.

Is your System Free of Underlying Vulnerabilities?
Find Out Now