Control: 2 DynamoDB tables should have point-in-time recovery enabled
Description
This control checks whether point-in-time recovery (PITR) is enabled for an Amazon DynamoDB table.
Backups help you to recover more quickly from a security incident. They also strengthen the resilience of your systems. DynamoDB point-in-time recovery automates backups for DynamoDB tables. It reduces the time to recover from accidental delete or write operations. DynamoDB tables that have PITR enabled can be restored to any point in time in the last 35 days.
Remediation
To remediate this issue, add point-in-time recovery to your DynamoDB table.
To enable DynamoDB point-in-time recovery for an existing table
- Open the DynamoDB console.
- Choose the table that you want to work with, and then choose
Backups. - In the
Point-in-time Recoverysection, underStatus, chooseEnable. - Choose
Enableagain to confirm the change.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.foundational_security_dynamodb_2Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.foundational_security_dynamodb_2 --shareSQL
This control uses a named query:
select arn as resource, case when lower( point_in_time_recovery_description ->> 'PointInTimeRecoveryStatus' ) = 'disabled' then 'alarm' else 'ok' end as status, case when lower( point_in_time_recovery_description ->> 'PointInTimeRecoveryStatus' ) = 'disabled' then title || ' point-in-time recovery not enabled.' else title || ' point-in-time recovery enabled.' end as reason , region, account_idfrom aws_dynamodb_table;