Enable Point-in-Time Recovery Rule
This rule ensures DynamoDB table point-in-time recovery is enabled for data protection and restoration purposes.
| Rule | DynamoDB table point-in-time recovery should be enabled |
| Framework | RBI Cyber Security Framework |
| Severity | ✔ Low |
DynamoDB Table Point-in-Time Recovery for RBI Cyber Security Framework
Rule Description:
For compliance with the RBI (Reserve Bank of India) Cyber Security Framework, DynamoDB tables should have point-in-time recovery enabled. Point-in-time recovery allows you to restore your DynamoDB table to any point within the specified recovery window, typically up to 35 days. This provides protection against accidental data loss, table corruption, or malicious attacks.
Enabling point-in-time recovery helps ensure data availability and supports regulatory compliance requirements outlined in the RBI Cyber Security Framework.
Troubleshooting Steps:
1. Verify DynamoDB table name:
- Ensure you have the correct name of the DynamoDB table for which you want to enable point-in-time recovery. You can retrieve the table name using the AWS Management Console, AWS CLI, or SDKs.
2. Check AWS Region:
- Ensure you are operating in the correct AWS Region where the DynamoDB table exists. Point-in-time recovery needs to be enabled in the same region where the table is located.
3. Check IAM permissions:
- Verify that you have sufficient IAM (Identity and Access Management) permissions to enable point-in-time recovery for DynamoDB tables. Ensure that your IAM user or role has the necessary
permission.dynamodb:UpdateTimeToLive
4. Confirm table status:
- Check if the DynamoDB table is in the "ACTIVE" state. Point-in-time recovery can only be enabled for active tables.
5. Ensure table size limits:
- Be aware that enabling point-in-time recovery may increase the size and cost of the DynamoDB table. Ensure that you have enough provisioned throughput and storage capacity to handle the increased storage requirements.
Required Code:
No specific code is required to enable point-in-time recovery for DynamoDB tables. The remediation steps involve using AWS Management Console or AWS CLI to configure the table settings.
Remediation Steps:
Follow these steps to enable point-in-time recovery for a DynamoDB table:
- 1.
AWS Management Console:
- Login to the AWS Management Console.
- Go to the DynamoDB service.
- Select the appropriate AWS Region.
- Click on the name of the DynamoDB table you want to enable point-in-time recovery for.
- In the table details page, click on the "Manage TTL" button.
- Choose the "Enable Point-in-Time Recovery" option.
- Set the desired recovery window (up to 35 days).
- Click "Save".
- 2.
AWS CLI:
Open your preferred terminal or command prompt.
Use the following AWS CLI command to enable point-in-time recovery for a DynamoDB table:
aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=TrueReplace
with the actual name of the DynamoDB table.<table-name>Press Enter to execute the command.
Verify that the command executed successfully without any errors.
Once point-in-time recovery is enabled for the DynamoDB table, it will start capturing automatic backups of your data. You can use the backups to restore the table to any point in time within the specified recovery window if needed.
Ensure that you regularly monitor the size and cost implications of the enabled point-in-time recovery to optimize the performance and cost-effectiveness of your DynamoDB solution.
Note: Enabling point-in-time recovery may incur additional costs. Review the AWS pricing documentation for DynamoDB for the latest pricing details.
By following these steps, you will successfully enable point-in-time recovery for your DynamoDB table as required by the RBI Cyber Security Framework.