Rule: DynamoDB Tables in Backup Plan
Ensure all DynamoDB tables are included in a backup plan for data protection.
| Rule | DynamoDB tables should be in a backup plan |
| Framework | GxP EU Annex 11 |
| Severity | ✔ Medium |
DynamoDB Backup Compliance for GxP EU Annex 11
Overview of GxP EU Annex 11 and DynamoDB Backup Requirement
GxP EU Annex 11 refers to the European Union's guidelines on Good Manufacturing Practices (GMP) particularly concerning computerized systems. It requires that data which is critical to the quality of pharmaceutical products must be reliably backed up and such backups should be regularly tested to ensure they can be restored.
For AWS DynamoDB, a managed NoSQL database service, meeting the GxP EU Annex 11 requirement means implementing routine backups and validating their integrity.
Implementing Backup Strategy for DynamoDB
Step 1: Enable Automated Backups
AWS DynamoDB supports on-demand and automated backups.
On-Demand Backups:
aws dynamodb create-backup --table-name <YourTableName> --backup-name <YourBackupName>
Replace
<YourTableName><YourBackupName>Automated Backups:
- Go to the AWS Management Console.
- Navigate to DynamoDB.
- Select the table you want to back up.
- In the "Backups" section, turn on "Point-In-Time Recovery."
No AWS CLI command is required for enabling Point-In-Time Recovery as it's a console-based toggle.
Step 2: Regularly Test Backups for Integrity
Ensure backups are functional by performing periodic test restorations.
Restore Command:
aws dynamodb restore-table-from-backup --target-table-name <YourRestoredTableName> --backup-arn <YourBackupARN>
Replace
<YourRestoredTableName><YourBackupARN>Step 3: Set Retention Policy for Backups
Define a retention policy that aligns with GxP requirements.
Retention Policy Implementation:
Automated backups with Point-In-Time Recovery have a 35-day retention period by default. For on-demand backups, you may delete them manually or use lifecycle policies if utilizing S3 for storing backups.
Delete an On-Demand Backup:
aws dynamodb delete-backup --backup-arn <YourBackupARN>
Replace
<YourBackupARN>Regular Monitoring and Compliance Documentation
Step 1: Monitor Backup Activity
Enable CloudWatch alarms to monitor successful and failed backup attempts.
Step 2: Maintain Compliance Logs
Use AWS CloudTrail to track actions taken on DynamoDB resources.
AWS CloudTrail Setup:
- Navigate to AWS CloudTrail in the AWS Management Console.
- Make sure logging is enabled for DynamoDB events.
Step 3: Document Backup Procedures and Tests
Keep detailed records of backup schedules, testing procedures, and results to demonstrate compliance with GxP EU Annex 11.
Remediation for Backup Failures
If backup or recovery processes fail:
Troubleshooting and Remediation Steps:
- 1.Check CloudWatch alarms and logs for error messages.
- 2.Inspect AWS CloudTrail for any unauthorized or failed operations.
- 3.If Point-In-Time Recovery fails, verify that it's enabled and that you're within the 35-day window.
- 4.For on-demand backups, confirm that your user has the necessary IAM permissions.
- 5.Contact AWS Support for assistance if backup or recovery issues persist.
To ensure SEO friendliness without sacrificing precision, the above guide focuses on actionable directives, relevant command-line examples, and keyword optimization around DynamoDB, backups, and GxP EU Annex 11 compliance, which should aid in enhancing search engine rankings for this content.