Ensure the DynamoDB table is safeguarded by a backup plan to maintain data availability.
Rule | DynamoDB table should be protected by backup plan |
Framework | SOC 2 |
Severity | ✔ High |
DynamoDB Table Backup Plan for SOC 2 Compliance
When managing AWS DynamoDB tables, ensuring SOC 2 compliance involves implementing and maintaining a comprehensive backup plan. A backup plan is crucial to protect against data loss or corruption, and is essential for business continuity and disaster recovery processes.
Understanding the Rule
SOC 2 compliance is about managing data based on the five Trust Service Principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. For DynamoDB tables, the primary concerns are often security and availability, which means that backup strategies are a significant factor in maintaining compliance.
Backup Requirements for SOC 2
Implementing a Backup Plan
Enabling Continuous Backups with Point-in-Time Recovery (PITR)
AWS DynamoDB supports Continuous Backups with Point-in-Time Recovery (PITR), which allows you to restore your table to any point in time within the last 35 days.
Step-by-Step Guide:
Tables. Backups section, choose Enable under Point-in-Time recovery.
Using AWS CLI:
aws dynamodb update-continuous-backups --table-name YourTableName --point-in-time-recovery-specification PointInTimeRecoveryEnabled=True
On-Demand Backup
On-demand backups are full backups that are created at a specific point in time and are retained until you explicitly delete them.
Step-by-Step Guide:
Tables. Create backup in the Backups section. Create.
Using AWS CLI:
aws dynamodb create-backup --table-name YourTableName --backup-name YourBackupName
Automating Backups with AWS Backup
AWS Backup is a centralized backup service that enables you to automate backups across AWS services. For SOC 2 compliance, it is beneficial to utilize AWS Backup to manage and retain DynamoDB backups.
Step-by-Step Guide:
Create a backup plan from a template.
Using AWS CLI, you can create a backup plan by defining a backup plan JSON file and running:
aws backup create-backup-plan --backup-plan file://backup-plan.json
Troubleshooting Steps
If you encounter issues with DynamoDB backups, consider the following troubleshooting tips:
dynamodb:CreateBackup, dynamodb:EnableContinuousBackups, and backup:CreateBackupPlan permissions.
Remediation and Verification
After setting up the backup plan, verify its functionality:
Adhering to this plan is critical for SOC 2 compliance and should be monitored and reviewed on a scheduled basis to ensure continuous protection of DynamoDB data.
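One way to run the verification as a repeatable check, as an added example that is not part of the original page: it evaluates the rule over JSON shaped like the output of `aws backup list-protected-resources` and `aws dynamodb describe-continuous-backups`. It assumes a table passes when its ARN appears among AWS Backup's protected resources; the sample data is constructed and the function names are hypothetical.

```python
import json

# Constructed sample data in the shape of AWS CLI JSON output (no real account).
ARN = "arn:aws:dynamodb:us-east-1:111122223333:table/"
TABLES = [ARN + "orders", ARN + "sessions", ARN + "audit"]

# aws backup list-protected-resources
PROTECTED = json.loads("""{"Results": [
  {"ResourceArn": "arn:aws:dynamodb:us-east-1:111122223333:table/orders",
   "ResourceType": "DynamoDB"},
  {"ResourceArn": "arn:aws:ec2:us-east-1:111122223333:volume/vol-0example",
   "ResourceType": "EBS"}]}""")


def continuous(pitr_status):
    # aws dynamodb describe-continuous-backups --table-name <name>
    # ContinuousBackupsStatus reads ENABLED even while PITR is DISABLED.
    return {"ContinuousBackupsDescription": {
        "ContinuousBackupsStatus": "ENABLED",
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": pitr_status}}}


CONTINUOUS = {ARN + "orders": continuous("ENABLED"),
              ARN + "sessions": continuous("ENABLED"),
              ARN + "audit": continuous("DISABLED")}


def pitr_enabled(description):
    """Check the PITR status itself, not the outer ContinuousBackupsStatus."""
    inner = description.get("ContinuousBackupsDescription", {})
    pitr = inner.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == "ENABLED"


def evaluate(table_arns, protected, continuous_by_arn):
    """Return one finding per table; 'pass' requires AWS Backup coverage."""
    covered = {r["ResourceArn"] for r in protected.get("Results", [])
               if r.get("ResourceType") == "DynamoDB"}
    findings = []
    for arn in sorted(table_arns):
        findings.append({
            "table": arn.rsplit("/", 1)[-1],
            "status": "pass" if arn in covered else "fail",
            "pitr": pitr_enabled(continuous_by_arn.get(arn, {})),
        })
    return findings


if __name__ == "__main__":
    for finding in evaluate(TABLES, PROTECTED, CONTINUOUS):
        print(finding)
```

The `sessions` table fails the rule despite having PITR enabled, because PITR alone does not place a table under an AWS Backup plan.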