Ensure DynamoDB Point-In-Time Recovery (PITR) is enabled
ID: dynamodb_pitr_disabled
Severity: low
Vendor: AWS
Resource: DynamoDB
Description
Amazon DynamoDB is a fully managed NoSQL database service that provides fast and predictable performance with seamless scalability.
Amazon DynamoDB enables you to back up your table data continuously by using point-in-time recovery (PITR). When you enable PITR, DynamoDB backs up your table data automatically with per-second granularity so that you can restore to any given second in the preceding 35 days; this is in addition to any incremental backups of DynamoDB tables.
Having PITR enabled is essential for recovering from accidental write or delete operations in your organization.
Examples
CloudFormation
{
  "Resources": {
    "myDynamoDBTable": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "PointInTimeRecoverySpecification": {
          "PointInTimeRecoveryEnabled": false (1)
        }
      }
    }
  }
}
(1) PointInTimeRecoveryEnabled set to false means point-in-time recovery is disabled.
Resources:
  myDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: False (1)
(1) PointInTimeRecoveryEnabled set to false means point-in-time recovery is disabled.
Mitigation / Fix
Buildtime
CloudFormation
{
  "Resources": {
    "myDynamoDBTable": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "PointInTimeRecoverySpecification": {
          "PointInTimeRecoveryEnabled": true (1)
        }
      }
    }
  }
}
(1) PointInTimeRecoveryEnabled set to true means point-in-time recovery is enabled.
Resources:
  myDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: True (1)
(1) PointInTimeRecoveryEnabled set to true means point-in-time recovery is enabled.
Runtime
AWS Console
To enable PITR, go to the Amazon DynamoDB Console:
- Navigate to the desired DynamoDB table, and then select the Backups tab.
- Select Enable.
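As an added example (not part of this rule page or any scanner's own code), a small Python check that mirrors the rule at both stages: the buildtime function scans a parsed JSON CloudFormation template for AWS::DynamoDB::Table resources whose PointInTimeRecoveryEnabled is not explicitly true, and the runtime function evaluates a response from the DynamoDB DescribeContinuousBackups API. The sample template and API response are constructed; the function names are my own.

```python
import json

DYNAMODB_TABLE = "AWS::DynamoDB::Table"

def pitr_enabled_in_properties(props: dict) -> bool:
    """Buildtime check on a table's Properties: pass only when
    PointInTimeRecoveryEnabled is explicitly true. A missing specification is
    the CloudFormation default (disabled); unresolved intrinsics like Ref fail."""
    spec = props.get("PointInTimeRecoverySpecification") or {}
    value = spec.get("PointInTimeRecoveryEnabled", False)
    if isinstance(value, str):  # CloudFormation also accepts "true"/"false"
        value = value.strip().lower() == "true"
    return value is True

def find_tables_without_pitr(template: dict) -> list[str]:
    """Logical IDs of every DynamoDB table in a parsed JSON CloudFormation
    template that does not have PITR enabled (the dynamodb_pitr_disabled rule)."""
    failing = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != DYNAMODB_TABLE:
            continue
        if not pitr_enabled_in_properties(resource.get("Properties") or {}):
            failing.append(logical_id)
    return failing

def pitr_enabled_at_runtime(describe_response: dict) -> bool:
    """Runtime check over the dict returned by the DynamoDB
    DescribeContinuousBackups API (boto3: describe_continuous_backups)."""
    desc = describe_response.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == "ENABLED"

# Constructed sample template: one compliant table, one explicitly disabled,
# one that omits the specification entirely, and one non-table resource.
SAMPLE_TEMPLATE = json.loads("""{
  "Resources": {
    "OrdersTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": true}}},
    "SessionsTable": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": false}}},
    "LegacyTable": {"Type": "AWS::DynamoDB::Table", "Properties": {}},
    "AppBucket": {"Type": "AWS::S3::Bucket"}
  }
}""")

# Constructed DescribeContinuousBackups response for a table with PITR on.
SAMPLE_DESCRIBE = {"ContinuousBackupsDescription": {
    "ContinuousBackupsStatus": "ENABLED",
    "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "ENABLED"}}}
```

Running `find_tables_without_pitr(SAMPLE_TEMPLATE)` reports SessionsTable and LegacyTable, showing that a table with no PointInTimeRecoverySpecification at all fails the rule just like one set to false.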