DynamoDB tables Point in Time Recovery should be enabled
Description
Point-in-time recovery (PITR) should be enabled on DynamoDB tables. With PITR, AWS continuously backs up the table so it can be restored to an earlier state after accidental deletion or destructive writes; AWS takes on the risk of handling those backups, and the organization can limit the backup storage it must manage itself.
Remediation Steps
AWS Console
Navigate to DynamoDB.
In the left navigation, select Tables.
Select the desired table and, in the Overview section, locate Point-in-time recovery. Click Enable.
AWS CLI
Confirm that point-in-time recovery is enabled by using the describe-continuous-backups command. In the output, PointInTimeRecoveryDescription should report a PointInTimeRecoveryStatus of ENABLED.
aws dynamodb describe-continuous-backups \
--table-name tablename
Restore the table to a point in time. The restore writes to a new table (the target table name) and does not overwrite the source table.
aws dynamodb restore-table-to-point-in-time \
--source-table-name tablename \
--target-table-name tablename2 \
--use-latest-restorable-time
To verify the restore, use the describe-table command to describe the restored target table:
aws dynamodb describe-table --table-name tablename2
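The CLI steps above check PITR status and restore a table but do not themselves turn PITR on. The script below is an added example, not code from this page: using boto3, it lists every table in the account, reports those whose PointInTimeRecoveryStatus is not ENABLED, and, when run with --fix, calls UpdateContinuousBackups to enable PITR on them (the function names are the example's own; the caller needs ListTables, DescribeContinuousBackups and UpdateContinuousBackups permissions).

```python
# Added example: audit DynamoDB tables for PITR and enable it on request.
# Assumes boto3 credentials with dynamodb:ListTables, DescribeContinuousBackups
# and UpdateContinuousBackups. The client is injected so the logic runs offline.
import sys

def pitr_status(response):
    """Return PointInTimeRecoveryStatus from a Describe/UpdateContinuousBackups
    response; a missing description is reported as DISABLED."""
    desc = response.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus", "DISABLED")

def list_all_tables(client):
    """Follow ListTables pagination and return every table name."""
    names, kwargs = [], {}
    while True:
        page = client.list_tables(**kwargs)
        names.extend(page.get("TableNames", []))
        last = page.get("LastEvaluatedTableName")
        if last is None:
            return names
        kwargs = {"ExclusiveStartTableName": last}

def find_noncompliant(client):
    """Names of tables whose PITR status is anything other than ENABLED."""
    return [t for t in list_all_tables(client)
            if pitr_status(client.describe_continuous_backups(TableName=t)) != "ENABLED"]

def enable_pitr(client, table_name):
    """Turn PITR on for one table and return the status AWS reports back."""
    resp = client.update_continuous_backups(
        TableName=table_name,
        PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True},
    )
    return pitr_status(resp)

def main(argv):
    import boto3  # imported here so the functions above load without boto3
    client = boto3.client("dynamodb")  # region and credentials from the environment
    for name in find_noncompliant(client):
        status = enable_pitr(client, name) if "--fix" in argv else "DISABLED"
        print(f"{name}: PITR {status}")

if __name__ == "__main__":
    main(sys.argv[1:])
```

Run it without arguments first to list non-compliant tables, then with --fix to remediate them; the PITR status returned by the update call is printed for each table.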
CloudFormation
JSON
Ensure that AWS::DynamoDB::Table contains the following:
{
"Properties" : {
"PointInTimeRecoverySpecification" : {
"PointInTimeRecoveryEnabled" : true
}
}
}
JSON Example Configuration
{
"Type" : "AWS::DynamoDB::Table",
"Properties" : {
"PointInTimeRecoverySpecification" : {
"PointInTimeRecoveryEnabled" : true
}
}
# other required fields here
}
YAML
Ensure that AWS::DynamoDB::Table contains the following:
Properties:
PointInTimeRecoverySpecification:
PointInTimeRecoveryEnabled: true
YAML Example Configuration
Type: AWS::DynamoDB::Table
Properties:
PointInTimeRecoverySpecification:
PointInTimeRecoveryEnabled: true
# other required fields here
Terraform
Ensure that the aws_dynamodb_table resource's point_in_time_recovery block has the enabled field set to true.
Example Configuration
resource "aws_dynamodb_table" "example" {
point_in_time_recovery {
enabled = true
}
# other required fields here
}