This rule checks that point-in-time recovery is enabled for DynamoDB tables.
| Rule | DynamoDB table point-in-time recovery should be enabled |
| Framework | Federal Financial Institutions Examination Council (FFIEC) |
| Severity | Low |
Rule Description
The rule requires enabling point-in-time recovery (PITR) for DynamoDB tables specifically for Federal Financial Institutions Examination Council (FFIEC) compliance. PITR is a feature in DynamoDB that allows you to restore a table to any point within a specific time range, typically up to the past 35 days. By enabling PITR, you ensure that your data is protected and can be restored in case of accidental deletion or corruption.
Troubleshooting Steps
If there are any issues with enabling PITR for your DynamoDB table, you can follow the steps below to troubleshoot:
Ensure that you have the necessary permissions: Check if you have the required permissions to enable PITR for DynamoDB tables. You need to be an IAM user or role with appropriate privileges, such as "dynamodb:EnableContinuousBackups" and "dynamodb:UpdateContinuousBackups".
Check the table status: Ensure that your DynamoDB table is in the ACTIVE state. If the table is in a different state, you need to resolve any issues related to the table, such as provisioning errors, before enabling PITR.
Verify AWS region compatibility: PITR is only available in certain AWS regions. Make sure that the AWS region you are using supports PITR for DynamoDB. If not, consider migrating your DynamoDB table to a compatible region or exploring alternative backup options.
Check table size limitations: DynamoDB has size limitations for PITR-enabled tables. Ensure that your table size is within the allowed limits. If the table size exceeds the limits, consider archiving or deleting unnecessary data to reduce the size.
Validate PITR settings: Verify that your PITR configuration settings are correctly defined. Double-check the retention period and frequency of backups to align with your requirements and compliance standards.
Review PITR costs: Understand the cost implications of enabling PITR for your DynamoDB table. PITR can incur additional charges for storage and backup operations. Evaluate your budget and confirm that you are aware of the associated costs.
Necessary Code (if applicable)
In this case, no specific code is required to enable PITR for DynamoDB tables. The configuration can be done through the AWS Management Console, AWS CLI, or through AWS SDKs.
Remediation Steps
Follow the step-by-step guide below to enable PITR for your DynamoDB table:
Sign in to the AWS Management Console.
Navigate to the DynamoDB service.
Select the DynamoDB table(s) that need PITR enabled.
Click on the "Continuous backups" tab or the "Backup and restore" option, depending on the console layout version.
Check the documentation or user interface for options related to PITR.
Enable PITR for the selected table(s) by toggling the switch or selecting appropriate settings.
Specify the retention period for backups based on your compliance requirements.
Save the changes and wait for PITR to be enabled.
Note: The time required to enable PITR depends on the size of your DynamoDB table and the amount of data present.
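The check and the remediation steps above can also be scripted across every table in a region. The following is an added example, not code from the original page: the function names are hypothetical, and it assumes boto3 is installed, credentials and a region are configured, and the caller is allowed to call ListTables, DescribeTable, DescribeContinuousBackups and UpdateContinuousBackups.

```python
"""Audit DynamoDB tables for PITR and optionally enable it (added example)."""


def list_tables(client):
    """Yield every table name, following ListTables pagination."""
    kwargs = {}
    while True:
        page = client.list_tables(**kwargs)
        yield from page.get("TableNames", [])
        last = page.get("LastEvaluatedTableName")
        if not last:
            return
        kwargs["ExclusiveStartTableName"] = last


def pitr_status(client, table):
    """Return 'ENABLED' or 'DISABLED' for one table."""
    desc = client.describe_continuous_backups(TableName=table)
    pitr = desc["ContinuousBackupsDescription"].get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus", "DISABLED")


def audit(client, remediate=False):
    """Return {table: status}. With remediate=True, enable PITR where it is off."""
    report = {}
    for table in list_tables(client):
        status = pitr_status(client, table)
        if status != "ENABLED" and remediate:
            # The troubleshooting steps ask for an ACTIVE table, so check first.
            state = client.describe_table(TableName=table)["Table"]["TableStatus"]
            if state == "ACTIVE":
                client.update_continuous_backups(
                    TableName=table,
                    PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True},
                )
                status = "REMEDIATED"
            else:
                status = f"SKIPPED:{state}"
        report[table] = status
    return report


if __name__ == "__main__":
    import boto3  # assumption: boto3 installed, credentials and region configured

    for name, result in audit(boto3.client("dynamodb")).items():
        print(f"{name}\t{result}")
```

Run as written it only reports; pass `remediate=True` to `audit` to enable PITR on the tables it finds disabled.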
Conclusion
By following the troubleshooting steps and remediation guide outlined above, you can enable point-in-time recovery (PITR) for DynamoDB tables in compliance with the Federal Financial Institutions Examination Council (FFIEC) requirements. This ensures that your data is protected and can be restored to any desired point in time, providing an added layer of security for your critical information.