DynamoDB tables Point in Time Recovery should be enabled


Point in Time Recovery should be enabled on DynamoDB tables. If an organization allows AWS to automatically back up DDB data, AWS takes on the risk of handling it and the organization can limit its own backup storage.

Remediation Steps

AWS Console

  • Navigate to DynamoDB.

  • In the left navigation, select Tables.

  • Select the desired table and in the Overview section, Enable Point-in-time recovery. Click Enable.


  • Confirm that point-in-time recovery is enabled by using the describe-continuous-backups command.

aws dynamodb describe-continuous-backups \
  --table-name tablename
  • Restore the table to a point in time.

aws dynamodb restore-table-to-point-in-time \
  --source-table-name tablename \
  --target-table-name tablename2 \
  • To verify the restore, use the describe-table command to describe the table:

    • aws dynamodb describe-table --table-name tablename


  • Ensure that the aws_dynamodb_table point_in_time_recovery block has the enabled field set to “true”.

Example Configuration

resource "aws_dynamodb_table" "example" {
  point_in_time_recovery {
    enabled = true
  # other required fields here