This rule ensures DynamoDB table point-in-time recovery is enabled for data protection and disaster recovery.
Rule | DynamoDB table point-in-time recovery should be enabled |
Framework | NIST 800-171 Revision 2 |
Severity | Low |
DynamoDB Table Point-in-Time Recovery Enforcement for NIST 800-171 Revision 2
Description
DynamoDB is a fully managed NoSQL database service offered by Amazon Web Services (AWS). To ensure compliance with NIST 800-171 Revision 2, it is recommended to enable point-in-time recovery (PITR) for your DynamoDB tables. PITR provides continuous backups of your DynamoDB tables, allowing you to restore your data to any point in time within the retention period. This safeguard helps protect against accidental data loss, table corruption, or malicious activities.
Enabling PITR for your DynamoDB tables aligns with the security requirements outlined in NIST 800-171 Revision 2, which aims to establish controls for protecting Controlled Unclassified Information (CUI).
Troubleshooting Steps
If you encounter any issues while enabling point-in-time recovery for DynamoDB tables, you can follow these troubleshooting steps:
Permission Errors: Ensure that you have sufficient permissions to enable PITR for DynamoDB tables. Verify that you have the necessary AWS Identity and Access Management (IAM) roles or policies attached to your account.
Table Limitations: Some older or specific DynamoDB table configurations might not support point-in-time recovery. Confirm that the table's configuration (for example, whether it is a replica of a global table) meets the requirements for PITR, and refer to the AWS documentation for any specific limitations.
Retention Period: DynamoDB requires you to specify the amount of time you want to retain your backups when enabling PITR. Ensure that you have set an appropriate retention period that satisfies your compliance requirements.
Resource Availability: Check if there are sufficient resources available in your AWS account to enable PITR for DynamoDB tables. AWS has certain regional quotas and limits for PITR-enabled tables. Review the AWS documentation for current limits.
Necessary Codes
There are no specific codes required for enabling point-in-time recovery for DynamoDB tables for NIST 800-171 Revision 2 compliance. The steps outlined below explain how to enable it using the AWS Management Console.
Step-by-Step Guide
Follow these steps to enable point-in-time recovery for your DynamoDB tables:
Login: Log in to your AWS Management Console.
Navigate to DynamoDB Service: Go to the DynamoDB service page.
Select Table: Select the DynamoDB table for which you want to enable point-in-time recovery.
Click on "Backups": Click on the "Backups" tab.
Enable PITR: Under the "Point-in-Time Recovery" section, click on the "Enable" button.
Set Retention Period: Enter the desired retention period for your backups. Consider your compliance requirements and choose an appropriate value.
Confirm PITR: Confirm the change when prompted.
Verification: Wait for some time, refresh the table page, and ensure that the "Point-in-Time Recovery" status for the table changes from "DISABLED" to "ENABLED."
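As an added example (not part of this page or of any AWS tool), the same check and remediation done through the API with boto3, so PITR status can be audited across every table in a region rather than one table at a time in the console: `evaluate_pitr` classifies a DescribeContinuousBackups response, `audit_tables` walks the region, and `enable_pitr` remediates. The 35-day minimum is an assumed policy value, and IAM permissions for ListTables, DescribeContinuousBackups and UpdateContinuousBackups are assumed.

```python
"""Audit DynamoDB tables for point-in-time recovery (PITR) via the AWS API."""
from typing import Any, Dict, List

# Assumed organisational policy, not an AWS default: require the full 35-day window.
MIN_RETENTION_DAYS = 35


def evaluate_pitr(table_name: str, response: Dict[str, Any],
                  min_days: int = MIN_RETENTION_DAYS) -> Dict[str, str]:
    """Turn one DescribeContinuousBackups response into a finding.

    'ok' only if PointInTimeRecoveryStatus is ENABLED and the recovery window
    (RecoveryPeriodInDays, absent on older responses) is at least min_days.
    """
    pitr = (response.get("ContinuousBackupsDescription", {})
                    .get("PointInTimeRecoveryDescription", {}))
    status = pitr.get("PointInTimeRecoveryStatus", "DISABLED")
    if status != "ENABLED":
        return {"table": table_name, "status": "alarm",
                "reason": f"point-in-time recovery is {status}"}
    days = pitr.get("RecoveryPeriodInDays")
    if days is not None and days < min_days:
        return {"table": table_name, "status": "alarm",
                "reason": f"recovery window of {days} days is below required {min_days}"}
    return {"table": table_name, "status": "ok",
            "reason": f"point-in-time recovery enabled ({days or 'default'} day window)"}


def audit_tables(client: Any, min_days: int = MIN_RETENTION_DAYS) -> List[Dict[str, str]]:
    """Evaluate every table in the client's region, following ListTables pagination."""
    findings = []
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            resp = client.describe_continuous_backups(TableName=name)
            findings.append(evaluate_pitr(name, resp, min_days))
    return findings


def enable_pitr(client: Any, table_name: str, days: int = MIN_RETENTION_DAYS) -> None:
    """Remediate one table: enable PITR with the required recovery window."""
    client.update_continuous_backups(
        TableName=table_name,
        PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True,
                                          "RecoveryPeriodInDays": days})


if __name__ == "__main__":
    import boto3  # imported here so the evaluation logic above runs without boto3
    for f in audit_tables(boto3.client("dynamodb")):
        print(f"{f['status']:5} {f['table']}: {f['reason']}")
```

Run it with credentials for the target account; any table reported as `alarm` is the one the console steps above (or `enable_pitr`) need to fix.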
Conclusion
By following the above steps, you can enforce the NIST 800-171 Revision 2 requirement of enabling point-in-time recovery for your DynamoDB tables. This helps ensure data integrity, protection against accidental data loss, and compliance with security standards. Regularly review your PITR configuration to make sure it aligns with your organization's needs and retention policies.