Enable Rule for DynamoDB Table Point-in-Time Recovery

This rule ensures that DynamoDB tables are set up for point-in-time recovery.

Rule: DynamoDB table point-in-time recovery should be enabled
Framework: NIST 800-53 Revision 5
Severity: Low

DynamoDB Table Point-in-Time Recovery - Rule Description

Overview:

To comply with NIST 800-53 Revision 5, DynamoDB tables should have point-in-time recovery (PITR) enabled. Point-in-time recovery allows you to restore a DynamoDB table to a specific point in time, within a maximum retention period of 35 days. By enabling PITR, you ensure data durability and allow for easy recovery in the event of accidental data loss or corruption.

Troubleshooting Steps (if any):

If you encounter issues while trying to enable point-in-time recovery for a DynamoDB table, follow the steps below to troubleshoot the problem:

  1. Check table status: Verify that the DynamoDB table is in the "ACTIVE" state. PITR cannot be enabled for a table that is not in the active state.
  2. Check table size: PITR can only be enabled for tables with a maximum size limit of 10 TB. Ensure that your table size does not exceed this limit.
  3. Check IAM permissions: Ensure that the IAM user or role used to enable PITR has the necessary permissions to modify the table settings. The user/role should have the dynamodb:UpdateContinuousBackups permission for the target table.

Necessary Codes (if any):

If you are using the AWS Command Line Interface (CLI) to enable point-in-time recovery for a DynamoDB table, you can use the following code snippet:

aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

Replace <table-name> with the actual name of your DynamoDB table.

Step-by-Step Guide for Remediation:

Follow the steps below to enable point-in-time recovery for a DynamoDB table:

  1. Log in to the AWS Management Console.
  2. Navigate to the DynamoDB service.
  3. Select the desired region from the top-right corner of the console.
  4. In the left-hand navigation pane, click on "Tables".
  5. Locate the target DynamoDB table and click on its name to open the table details.
  6. Click on the "Manage Continuous Backups" tab.
  7. Click on the "Enable Point-in-Time Recovery" button.
  8. Review the information on the confirmation screen and click "Enable" to proceed.
  9. Wait for the PITR status to change to "Enabled". This process may take a few minutes.

Congratulations! You have successfully enabled point-in-time recovery for your DynamoDB table, ensuring data durability and easy recovery in case of any accidents or corruption.

Note: Enabling point-in-time recovery may incur additional costs. Make sure to review and consider the pricing details before enabling PITR for your DynamoDB tables.

Remember to repeat this process for all other DynamoDB tables that need to comply with the NIST 800-53 Revision 5 requirement.
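To repeat the check across every table in a region instead of clicking through each one, the following added example (not CloudDefense's own code) audits PITR status with the AWS CLI and optionally enables it on ACTIVE tables. The function names are hypothetical; it assumes the AWS CLI is configured with a default region and credentials allowed to call dynamodb:ListTables, dynamodb:DescribeTable, dynamodb:DescribeContinuousBackups and dynamodb:UpdateContinuousBackups.

```bash
#!/bin/sh
# Added example: audit (and optionally remediate) PITR on all DynamoDB tables
# in the currently configured region. Function names are illustrative.

# Print the PITR status of table $1 (ENABLED or DISABLED).
pitr_status() {
  aws dynamodb describe-continuous-backups --table-name "$1" \
    --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
    --output text
}

# Print the lifecycle status of table $1 (ACTIVE, CREATING, UPDATING, ...).
table_status() {
  aws dynamodb describe-table --table-name "$1" \
    --query 'Table.TableStatus' --output text
}

# Print one "table<TAB>result" line per table. With "--fix" as $1, enable PITR
# on ACTIVE tables where it is off. Returns 1 if any table is left without PITR.
audit_pitr() {
  local fix="${1:-}" rc=0 t
  for t in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
    # A failed or denied status lookup yields an empty string, so the table
    # is reported as non-compliant rather than silently passed.
    if [ "$(pitr_status "$t")" = "ENABLED" ]; then
      printf '%s\tCOMPLIANT\n' "$t"
    elif [ "$fix" = "--fix" ] && [ "$(table_status "$t")" = "ACTIVE" ]; then
      if aws dynamodb update-continuous-backups --table-name "$t" \
           --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true \
           >/dev/null; then
        printf '%s\tREMEDIATED\n' "$t"
      else
        printf '%s\tFAILED\n' "$t"
        rc=1
      fi
    else
      printf '%s\tNON_COMPLIANT\n' "$t"
      rc=1
    fi
  done
  return "$rc"
}
```

Source the file and run `audit_pitr` for a read-only report, or `audit_pitr --fix` to remediate; a non-zero return code means at least one table still lacks PITR, which makes the function usable as a CI or scheduled compliance gate.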
