Rule: DynamoDB Table Point-in-Time Recovery Enabled
This rule ensures enabling DynamoDB table point-in-time recovery for system operations.
| Rule | DynamoDB table point-in-time recovery should be enabled |
| Framework | SOC 2 |
| Severity | ✔ Low |
Rule Description:
DynamoDB table point-in-time recovery must be enabled to align with SOC 2 compliance requirements. Point-in-time recovery allows for the restoration of tables to any previous state within the specified recovery period, providing an additional layer of data protection and reducing the risk of data loss.
Troubleshooting Steps:
If point-in-time recovery is not enabled for the DynamoDB table, follow these steps to troubleshoot and enable it:
- 1.Ensure that you have the necessary IAM permissions to modify the DynamoDB table settings.
- 2.Identify the table for which point-in-time recovery needs to be enabled.
- 3.Check if the table already has point-in-time recovery enabled by viewing the table details in the AWS Management Console or by using the AWS Command Line Interface (CLI).
- 4.If point-in-time recovery is not enabled, proceed to enable it using the appropriate AWS CLI command.
Necessary Code:
The following AWS CLI command can be used to enable point-in-time recovery for a DynamoDB table:
aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
Replace
<table-name>Step-by-Step Guide for Remediation:
- 1.Log in to the AWS Management Console.
- 2.Open the DynamoDB service.
- 3.Navigate to the desired DynamoDB table that needs point-in-time recovery enabled.
- 4.Verify if point-in-time recovery is already enabled by checking the "Status" column in the table overview.
- 5.If point-in-time recovery is already enabled, no action is required. Otherwise, proceed to the next step.
- 6.Open the AWS CLI or any other preferred method for executing AWS CLI commands.
- 7.Run the following command to enable point-in-time recovery:
aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
Replace
<table-name>- 1.Verify the status of point-in-time recovery for the table by checking the "Status" column in the DynamoDB table overview.
- 2.It may take a few moments for the changes to take effect, so check the status again after a short interval.
- 3.Once the status shows point-in-time recovery as enabled, you have successfully enabled it for the DynamoDB table.
Additional Notes:
- Enabling point-in-time recovery for a DynamoDB table incurs additional costs for backup storage. Make sure to consider this when enabling the feature.
- Point-in-time recovery protects against accidental deletion or modification of data. However, it does not protect against intentional malicious actions or data corruption within the specified recovery period.
- Regularly review and test the restore process to ensure that point-in-time recovery is functioning as expected and aligning with your SOC 2 compliance requirements.