This rule requires enabling point-in-time recovery for DynamoDB tables.
Rule | DynamoDB table point-in-time recovery should be enabled |
Framework | FedRAMP Low Revision 4 |
Severity | ✔ Low |
Rule Description
The DynamoDB table point-in-time recovery feature should be enabled for FedRAMP Low Revision 4 compliance. Point-in-time recovery allows you to restore your DynamoDB tables to any second during the preceding 35-day period, thereby protecting against accidental data loss. This requirement ensures that data durability and recoverability measures are in place, which are essential for compliance with FedRAMP Low Revision 4 standards.
Remediation Steps
Follow the steps below to enable point-in-time recovery for your DynamoDB table:
Step 1: Access the AWS Management Console
Navigate to the AWS Management Console by visiting https://console.aws.amazon.com/ and entering your login credentials.
Step 2: Access DynamoDB Service
From the AWS Management Console homepage, search for "DynamoDB" in the search bar at the top. Click on the "DynamoDB" service from the search results to access the DynamoDB console.
Step 3: Select the DynamoDB Table
In the DynamoDB console, select the table for which you want to enable point-in-time recovery from the list of available tables.
Step 4: Go to the "Backup and Restore" tab
In the left-hand menu, click on the "Backup and Restore" tab to access the point-in-time recovery settings.
Step 5: Enable Point-in-time Recovery
Under the "Backup and Restore" tab, check if the option for point-in-time recovery is already enabled. If not, click on the "Enable" button to enable point-in-time recovery for the selected table.
Step 6: Configure Recovery Window
After enabling point-in-time recovery, you can configure the recovery window. The recovery window determines the maximum duration in days that a table can be restored to a specific point in time. Configure the recovery window according to your requirements.
Step 7: Save Changes
Click on the "Save Changes" button to apply the configuration and enable point-in-time recovery for the selected DynamoDB table.
Troubleshooting
In case you encounter any issues while enabling point-in-time recovery, refer to the troubleshooting steps below:
Troubleshooting Step 1: Check IAM Permissions
Ensure that your IAM user or role has the necessary permissions to enable point-in-time recovery for DynamoDB tables. You should have permissions such as dynamodb:EnableContinuousBackups and dynamodb:UpdateTimeToLive.
Troubleshooting Step 2: Verify Region Availability
Point-in-time recovery is not available in all AWS regions. Ensure that you are using a region where point-in-time recovery is supported. Refer to the AWS Regional Services List for availability details.
Troubleshooting Step 3: Check Table Limitations
Note that not all types of DynamoDB tables support point-in-time recovery. Verify that your table is compatible with this feature. On-demand backup tables and tables with PITR disabled cannot have point-in-time recovery enabled.
Troubleshooting Step 4: Verify IAM Policies
Double-check your IAM policies to ensure they are correctly configured and grant the necessary permissions for enabling point-in-time recovery.
If the above troubleshooting steps do not resolve the issue, consult the AWS DynamoDB documentation or reach out to AWS Support for further assistance.
Additional Notes
None.
Relevant Codes
No code is required to enable point-in-time recovery in DynamoDB, as it can be done through the AWS Management Console.
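When many tables have to be checked against this rule, the console steps can be scripted. The following is an added example, not part of the original rule text: it audits every table in a region through the boto3 calls describe_continuous_backups and update_continuous_backups, and can enable point-in-time recovery where it is missing. The StubClient class and its table names are constructed so the logic runs offline; a real run assumes boto3 is installed and credentials are configured.

```python
"""Audit DynamoDB tables for point-in-time recovery (PITR); optionally enable it."""

def pitr_status(response):
    """PITR status from a Describe/UpdateContinuousBackups response (missing = DISABLED)."""
    desc = response.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus", "DISABLED")

def audit_tables(client, remediate=False):
    """Return {table_name: status} for every table in the client's region.
    With remediate=True, enable PITR on each table that does not have it."""
    results = {}
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            status = pitr_status(client.describe_continuous_backups(TableName=name))
            if status != "ENABLED" and remediate:
                resp = client.update_continuous_backups(
                    TableName=name,
                    PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True},
                )
                status = pitr_status(resp)
            results[name] = status
    return results

class StubClient:
    """Constructed stand-in for boto3.client("dynamodb") so the audit runs offline."""
    def __init__(self, tables):
        self.tables = dict(tables)  # constructed sample data: table name -> PITR status

    def _resp(self, name):
        return {"ContinuousBackupsDescription": {"PointInTimeRecoveryDescription": {
            "PointInTimeRecoveryStatus": self.tables[name]}}}

    def get_paginator(self, _operation):
        return self  # paginate() below yields a single page

    def paginate(self):
        yield {"TableNames": sorted(self.tables)}

    def describe_continuous_backups(self, TableName):
        return self._resp(TableName)

    def update_continuous_backups(self, TableName, PointInTimeRecoverySpecification):
        enabled = PointInTimeRecoverySpecification["PointInTimeRecoveryEnabled"]
        self.tables[TableName] = "ENABLED" if enabled else "DISABLED"
        return self._resp(TableName)

if __name__ == "__main__":
    import boto3  # real run: report-only audit with default credentials and region
    print(audit_tables(boto3.client("dynamodb")))
```

Run as a script, it only reports status; pass remediate=True to audit_tables to enable point-in-time recovery on tables that report DISABLED.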