Rule: DynamoDB Table Point-in-Time Recovery Enabled

This rule ensures that DynamoDB table point-in-time recovery is enabled for data protection.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: HIPAA
Severity: Low

DynamoDB Table Point-in-Time Recovery for HIPAA Compliance

Description:

To comply with HIPAA (Health Insurance Portability and Accountability Act) regulations, enable Point-in-Time Recovery (PITR) for your Amazon DynamoDB table. With PITR enabled, you can restore table data to a specific point in time within the last 35 days after accidental data loss or deletion.

Troubleshooting Steps:

If you encounter any issues while enabling DynamoDB table Point-in-Time Recovery for HIPAA compliance, please follow the troubleshooting steps below:

  1. Verify HIPAA Compliance: Ensure that your DynamoDB table and overall AWS environment adhere to HIPAA requirements. Confirm that all data processed or stored in DynamoDB aligns with HIPAA regulations.

  2. Check DynamoDB Table Compatibility: Verify that your DynamoDB table is compatible with Point-in-Time Recovery. PITR can be enabled only on tables that meet the following conditions:

    • The table is not in the DELETING state.
    • The table has a point-in-time recovery status of DISABLED.

  3. Understand DynamoDB PITR Limitations: Be aware of the limitations associated with DynamoDB Point-in-Time Recovery. For example, once enabled, you cannot disable PITR for a table. It is recommended to test PITR in a non-production environment before enabling it for your HIPAA-compliant tables.

  4. Check IAM Roles and Permissions: Ensure that you have the necessary permissions to enable Point-in-Time Recovery for your DynamoDB table. Verify that the IAM (Identity and Access Management) roles associated with your AWS account have the required permissions for enabling PITR.

  5. Review AWS Billing and Usage: Confirm that your AWS account is in good standing and there are no billing-related issues. PITR may be subject to additional costs, so review your AWS billing to understand any potential impact.

  6. Consult AWS Support: If you encounter any technical difficulties or require further assistance, reach out to AWS Support for guidance.

Necessary Code:

There is no specific code required to enable DynamoDB table Point-in-Time Recovery. This feature is available through the AWS Management Console, AWS CLI, or SDKs.

Step-by-Step Guide for Remediation:

Follow the steps below to enable Point-in-Time Recovery for your DynamoDB table to meet HIPAA compliance:

  1. Open the AWS Management Console.

  2. Navigate to the DynamoDB service.

  3. Select the desired DynamoDB table that needs Point-in-Time Recovery enabled.

  4. Click on the "Manage PITR" option in the table details.

  5. On the "Manage PITR" page, click the "Enable Point-in-Time Recovery" button.

  6. A confirmation message will appear, stating that enabling PITR is irreversible. Confirm and proceed by clicking the "Enable" button.

  7. After enabling, DynamoDB will perform background tasks to enable Point-in-Time Recovery for the selected table. The process may take a few minutes to complete.

  8. Once enabled, you can view the status of Point-in-Time Recovery for the table by going to the "Manage PITR" page.

  9. PITR provides a continuous backup process, capturing changes to the table every 5 minutes. You can restore the table data to any second in the last 35 days if needed.

Note: Enabling PITR may result in additional costs. Refer to the Amazon DynamoDB pricing page for information on PITR costs.
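
The SDK route mentioned under "Necessary Code", covering the same check and enablement as the console steps above, can be scripted across every table in a region. This is an added example, not code from this page or from AWS; it uses the boto3 DynamoDB call shapes, and StubClient with its table names is constructed sample data so the script runs offline.

```python
# Added example: audit and remediate DynamoDB PITR using boto3-style client calls.

def pitr_status(client, table):
    """Return 'ENABLED', 'DISABLED', or 'SKIPPED' for a table that is being deleted."""
    if client.describe_table(TableName=table)["Table"]["TableStatus"] == "DELETING":
        return "SKIPPED"
    desc = client.describe_continuous_backups(TableName=table)["ContinuousBackupsDescription"]
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus", "DISABLED")

def audit(client):
    """Map every table visible to the client to its PITR status."""
    result = {}
    for page in client.get_paginator("list_tables").paginate():
        for table in page["TableNames"]:
            result[table] = pitr_status(client, table)
    return result

def remediate(client, findings, dry_run=True):
    """Enable PITR on DISABLED tables; return the names that were (or would be) changed."""
    targets = sorted(t for t, s in findings.items() if s == "DISABLED")
    if not dry_run:
        for table in targets:
            client.update_continuous_backups(
                TableName=table,
                PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True})
    return targets

class StubClient:
    """Constructed stand-in for boto3.client('dynamodb'): {table: [TableStatus, PITR status]}."""
    def __init__(self, tables):
        self.tables = tables
    def get_paginator(self, _operation):
        return self
    def paginate(self):
        return [{"TableNames": list(self.tables)}]
    def describe_table(self, TableName):
        return {"Table": {"TableStatus": self.tables[TableName][0]}}
    def describe_continuous_backups(self, TableName):
        status = self.tables[TableName][1]
        return {"ContinuousBackupsDescription":
                {"PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": status}}}
    def update_continuous_backups(self, TableName, PointInTimeRecoverySpecification):
        if PointInTimeRecoverySpecification["PointInTimeRecoveryEnabled"]:
            self.tables[TableName][1] = "ENABLED"

if __name__ == "__main__":
    stub = StubClient({"patients": ["ACTIVE", "DISABLED"], "claims": ["ACTIVE", "ENABLED"]})
    print(audit(stub), remediate(stub, audit(stub), dry_run=False), audit(stub))
```

Against a real account, pass boto3.client("dynamodb") in place of the stub and review the dry-run output before calling remediate with dry_run=False.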

By following these steps, you can enable Point-in-Time Recovery for your DynamoDB table, complying with HIPAA regulations. Ensure all other HIPAA requirements are met within your AWS environment for comprehensive compliance.
