Ensure DynamoDB point in time recovery is enabled

ID: dynamodb_recovery

Severity: high

Vendor: AWS

Resource: Amazon DynamoDB

Tags: reachable

Description

Enabling point-in-time recovery (PITR) on Amazon DynamoDB global tables safeguards against data loss from inadvertent writes, deletions, or data corruption. With PITR active, you can restore a global table to any specific moment within the recovery window, usually up to 35 days. This is valuable when you must reverse unintended changes or recover from data corruption.

Examples

Buildtime

Terraform

resource "aws_dynamodb_table" "example" {
  name = "example-table"
  # Other required table arguments omitted.
  point_in_time_recovery {
    enabled = false # (1)
  }
}

(1) Point in time recovery is disabled.

Mitigation / Fix

Buildtime

Terraform

resource "aws_dynamodb_table" "example" {
  name = "example-table"
  # Other required table arguments omitted.
  point_in_time_recovery {
    enabled = true # (1)
  }
}

(1) Ensure the point_in_time_recovery attribute is present and enabled.
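
A build-time check for this rule, as an added example that is not part of the original page or any scanner's own code: it walks a Terraform plan in the JSON shape produced by `terraform show -json <planfile>` and reports every managed `aws_dynamodb_table` whose `point_in_time_recovery` block is missing, empty, or set to `enabled = false`. The sample plan and all resource addresses in it are constructed for illustration.

```python
# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = {
    "planned_values": {"root_module": {
        "resources": [
            {"address": "aws_dynamodb_table.audit", "mode": "managed",
             "type": "aws_dynamodb_table",
             "values": {"point_in_time_recovery": [{"enabled": False}]}},
            {"address": "aws_dynamodb_table.orders", "mode": "managed",
             "type": "aws_dynamodb_table",
             "values": {"point_in_time_recovery": [{"enabled": True}]}},
            # No point_in_time_recovery block in the configuration at all.
            {"address": "aws_dynamodb_table.sessions", "mode": "managed",
             "type": "aws_dynamodb_table", "values": {}},
            # Data source: a read-only lookup, not a table this plan configures.
            {"address": "data.aws_dynamodb_table.existing", "mode": "data",
             "type": "aws_dynamodb_table", "values": {}},
            {"address": "aws_s3_bucket.logs", "mode": "managed",
             "type": "aws_s3_bucket", "values": {}},
        ],
        "child_modules": [{"address": "module.billing", "resources": [
            {"address": "module.billing.aws_dynamodb_table.invoices",
             "mode": "managed", "type": "aws_dynamodb_table",
             "values": {"point_in_time_recovery": []}},
        ]}],
    }},
}

def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def pitr_enabled(values):
    """True only if a point_in_time_recovery block exists with enabled = true."""
    blocks = values.get("point_in_time_recovery") or []
    return any(block.get("enabled") is True for block in blocks)

def tables_without_pitr(plan):
    """Return sorted addresses of managed DynamoDB tables failing the rule."""
    root = plan.get("planned_values", {}).get("root_module", {})
    return sorted(
        r["address"] for r in iter_resources(root)
        if r.get("mode") == "managed" and r.get("type") == "aws_dynamodb_table"
        and not pitr_enabled(r.get("values", {}))
    )

if __name__ == "__main__":
    for address in tables_without_pitr(SAMPLE_PLAN):
        print(f"dynamodb_recovery: {address}: PITR disabled or not set")
```

A missing or empty block is treated as a failure, so a table that never mentions `point_in_time_recovery` is reported alongside one that sets it to `false`.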