Rule: DynamoDB tables in a Backup Plan
Ensure all DynamoDB tables are included in a backup plan to comply with system and communications protection standards.
| Rule | DynamoDB tables should be in a backup plan |
| Framework | NIST 800-171 Revision 2 |
| Severity | ✔ Medium |
Rule Description
To comply with NIST 800-171 Revision 2, DynamoDB tables should be included in a backup plan. Regular backups are essential to ensure the availability and recoverability of data in case of accidental deletion, corruption, or other catastrophic events. By including DynamoDB tables in a backup plan, organizations can safeguard their data and meet the requirements of NIST 800-171 Revision 2.
Troubleshooting Steps (if applicable)
- 1.
Verify backup configuration: Check if the DynamoDB table has been included in the backup plan. Ensure that the backup plan is set up correctly and covers the required retention period.
- 2.
Check backup frequency: Verify the frequency of backups. Ensure that backups are scheduled regularly to minimize data loss in case of an incident.
- 3.
Inspect backup logs: Analyze the backup logs to identify any errors or failures. Troubleshoot and resolve any issues that may affect the backup process.
- 4.
Review backup storage: Make sure that the backup storage has sufficient capacity to accommodate backups for the selected retention period. If storage capacity is running low, consider increasing the storage or implementing a data lifecycle policy to manage backups efficiently.
- 5.
Test data restoration: Periodically perform test restorations to validate the backup process. Ensure that backups can be successfully restored and data integrity is maintained.
Necessary Codes (if applicable)
Depending on the backup solution you employ for DynamoDB tables, specific codes or configurations may be required. Use the following code snippet as an example for backing up DynamoDB tables using the AWS Command Line Interface (CLI):
$ aws dynamodb create-backup --table-name <table-name> --backup-name <backup-name>
Replace
<table-name><backup-name>Step-by-Step Guide for Remediation
Follow these steps to include DynamoDB tables in a backup plan:
- 1.
Identify critical DynamoDB tables: Determine which DynamoDB tables contain critical or sensitive data that needs to be protected through regular backups.
- 2.
Select a backup solution: Choose a backup solution that suits your organization's requirements and budget. AWS Backup is a recommended option for backing up DynamoDB tables.
- 3.
Configure the backup plan: Set up a backup plan that includes the identified DynamoDB tables. Define the backup frequency, retention period, and backup storage location.
- 4.
Assign appropriate permissions: Ensure that the IAM roles or users responsible for backup operations have the necessary permissions to access and back up DynamoDB tables.
- 5.
Test the backup and restoration process: Perform a test backup and restoration to validate the backup plan. Verify that data can be successfully backed up and restored without compromising its integrity.
- 6.
Monitor backups: Regularly monitor backup logs and ensure that backups are being executed as per the defined schedule. Address any issues or failures promptly.
- 7.
Periodically review and update the backup plan: As your organization's data landscape evolves, periodically review and update the backup plan to include new DynamoDB tables or modify existing configurations as necessary.
By following these steps, you can ensure that your DynamoDB tables are included in a backup plan and comply with the requirements of NIST 800-171 Revision 2.