This rule ensures DynamoDB table point-in-time recovery is enabled for data protection and disaster recovery.
| Field | Value |
| --- | --- |
| Rule | DynamoDB table point-in-time recovery should be enabled |
| Framework | SOC 2 |
| Severity | Low |
DynamoDB Table Point-in-Time Recovery Policy
Overview
DynamoDB is a fully managed NoSQL key-value and document database service provided by Amazon Web Services (AWS). One of its data-protection features is Point-in-Time Recovery (PITR): once enabled on a table, DynamoDB keeps continuous backups and lets you restore the table to any second within the retention window (up to 35 days). A restore always creates a new table; it never overwrites the existing one, so a recovery operation cannot itself destroy data.
This policy requires that PITR be enabled on every DynamoDB table that is in scope for SOC 2. SOC 2 is a widely recognized auditing standard that covers the security, availability, processing integrity, confidentiality, and privacy of customer data.
Policy Description
To comply with SOC 2 requirements, all in-scope DynamoDB tables must have Point-in-Time Recovery enabled. With PITR on, a table can be restored to a specific point in time after accidental writes, deletions, or data corruption, which supports the availability and integrity criteria of SOC 2. PITR is a per-table setting: it must be enabled on each table separately, including on each replica of a global table, and it only protects data from the moment it is turned on, so enabling it early matters.
Troubleshooting Steps
If Point-in-Time Recovery is not enabled for a DynamoDB table, follow these steps to troubleshoot the issue:
Verify Table Existence: Ensure that the DynamoDB table you are working with exists and is accessible.
Check IAM Permissions: Confirm that the caller's AWS Identity and Access Management (IAM) identity is allowed to call dynamodb:DescribeContinuousBackups (to check the setting) and dynamodb:UpdateContinuousBackups (to change it) on the table's ARN.
Check Table Status: PITR can be enabled on any existing table in any supported Region; no table upgrade or migration is required. The call does fail on a table that was created moments ago and has not yet reached the ACTIVE state with continuous backups available (the API returns ContinuousBackupsUnavailableException). Wait for the table to settle and retry.
Check Each Replica: For global tables, PITR is configured per replica. Enabling it in one Region does not enable it in the others, so a finding on a replica table must be fixed in that replica's Region.
Code Example
To enable Point-in-Time Recovery for a DynamoDB table, you can use an AWS SDK or the AWS Command Line Interface (CLI). The CLI command is:

aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

Replace <table-name> with the name of your DynamoDB table. The command must be run against the Region that holds the table; a successful response echoes a ContinuousBackupsDescription whose PointInTimeRecoveryStatus should read ENABLED.
Remediation Steps
To enable Point-in-Time Recovery for a DynamoDB table, follow these steps:
Open the AWS Management Console.
Navigate to the DynamoDB service.
Select the desired DynamoDB table that needs Point-in-Time Recovery enabled.
Open the "Backups" tab and locate the "Point-in-time recovery (PITR)" section.
Choose "Edit", then turn on point-in-time recovery.
Save the change, then confirm that the PITR status shown for the table reads "On".
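The following script, added here as a worked example and not part of the original rule page, automates the audit and remediation above with boto3: it lists every table in a Region (ListTables is paginated), checks each table's PITR status, enables PITR where it is off, and reads the setting back rather than trusting the update call. The SAMPLE_DESCRIPTIONS responses and the FakeDynamoDB stand-in are constructed so the script runs offline; the field names follow the DescribeContinuousBackups and UpdateContinuousBackups APIs, and the ContinuousBackupsUnavailableException branch covers the freshly created table case from the troubleshooting steps.

```python
"""Audit every DynamoDB table in a Region for point-in-time recovery (PITR)
and enable it where it is off, reading the setting back to confirm."""
import copy
import sys
from typing import Dict, List

# Constructed sample responses, shaped like DescribeContinuousBackups output.
# "audit-log" mimics a table created moments ago: continuous backups are not
# yet available, so no PointInTimeRecoveryDescription is present at all.
SAMPLE_DESCRIPTIONS: Dict[str, dict] = {
    "orders": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {
            "PointInTimeRecoveryStatus": "ENABLED",
            "EarliestRestorableDateTime": "2024-01-01T00:00:00Z",
            "LatestRestorableDateTime": "2024-02-04T12:00:00Z"}}},
    "sessions": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {
            "PointInTimeRecoveryStatus": "DISABLED"}}},
    "audit-log": {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "DISABLED"}},
}


def pitr_enabled(description: dict) -> bool:
    """True only when the response explicitly reports PITR as ENABLED."""
    backups = description.get("ContinuousBackupsDescription", {})
    pitr = backups.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == "ENABLED"


def find_noncompliant(descriptions: Dict[str, dict]) -> List[str]:
    """Sorted names of tables whose description does not show PITR enabled."""
    return sorted(n for n, d in descriptions.items() if not pitr_enabled(d))


def audit_region(dynamodb) -> List[str]:
    """Walk every table (ListTables is paginated) and return the non-compliant ones."""
    paginator = dynamodb.get_paginator("list_tables")
    names = [n for page in paginator.paginate() for n in page["TableNames"]]
    return find_noncompliant(
        {n: dynamodb.describe_continuous_backups(TableName=n) for n in names})


def enable_pitr(dynamodb, table_name: str) -> bool:
    """Enable PITR and confirm by reading it back; False if the table is not ready."""
    try:
        dynamodb.update_continuous_backups(
            TableName=table_name,
            PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True})
    except dynamodb.exceptions.ContinuousBackupsUnavailableException:
        # Raised for tables created moments ago; retry once the table is ACTIVE.
        return False
    return pitr_enabled(dynamodb.describe_continuous_backups(TableName=table_name))


def remediate(dynamodb) -> Dict[str, bool]:
    """Enable PITR on every non-compliant table; map table name -> confirmed enabled."""
    return {n: enable_pitr(dynamodb, n) for n in audit_region(dynamodb)}


class FakeDynamoDB:
    """Constructed stand-in for a boto3 DynamoDB client so the script runs offline."""

    class exceptions:  # mirrors the client.exceptions namespace boto3 exposes
        class ContinuousBackupsUnavailableException(Exception):
            pass

    def __init__(self, descriptions: Dict[str, dict]):
        self.descriptions = copy.deepcopy(descriptions)  # never mutate the sample

    def get_paginator(self, name: str):
        names = sorted(self.descriptions)
        pages = [{"TableNames": names[i:i + 2]} for i in range(0, len(names), 2)]

        class Paginator:
            def paginate(self):
                return iter(pages)
        return Paginator()

    def describe_continuous_backups(self, TableName: str) -> dict:
        return self.descriptions[TableName]

    def update_continuous_backups(self, TableName: str, PointInTimeRecoverySpecification: dict):
        backups = self.descriptions[TableName]["ContinuousBackupsDescription"]
        if backups["ContinuousBackupsStatus"] != "ENABLED":
            raise self.exceptions.ContinuousBackupsUnavailableException(TableName)
        on = PointInTimeRecoverySpecification["PointInTimeRecoveryEnabled"]
        backups["PointInTimeRecoveryDescription"] = {
            "PointInTimeRecoveryStatus": "ENABLED" if on else "DISABLED"}


def main() -> None:
    """Run against the constructed sample, or a real client when --live is given."""
    if "--live" in sys.argv:
        import boto3  # real call; uses the Region and credentials of the environment
        client = boto3.client("dynamodb")
    else:
        client = FakeDynamoDB(SAMPLE_DESCRIPTIONS)
    for name, ok in remediate(client).items():
        print(f"{name}: {'PITR enabled' if ok else 'not ready, retry later'}")


if __name__ == "__main__":
    main()
```

Run it without arguments to see the sample audit; with `--live` it uses the Region and credentials of the current AWS profile, so the caller needs the DescribeContinuousBackups, ListTables and UpdateContinuousBackups permissions noted above. The read-back in enable_pitr is the check an auditor will want: a table is counted as remediated only when DescribeContinuousBackups reports ENABLED, not merely because the update call returned.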
Conclusion
Enabling Point-in-Time Recovery for DynamoDB tables storing SOC 2-related data is essential for maintaining data integrity and ensuring compliance. By following the troubleshooting steps and remediation guide, organizations can enforce this policy and mitigate the risk of data loss in the event of accidental deletion or corruption.