Control: DynamoDB tables should be in a backup plan
Description
To help with data back-up processes, ensure your AWS DynamoDB tables are a part of an AWS Backup plan.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.dynamodb_table_in_backup_planSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.dynamodb_table_in_backup_plan --shareSQL
This control uses a named query:
with mapped_with_id as ( select jsonb_agg(elems) as mapped_ids from aws_backup_selection, jsonb_array_elements(resources) as elems group by backup_plan_id),mapped_with_tags as ( select jsonb_agg(elems ->> 'ConditionKey') as mapped_tags from aws_backup_selection, jsonb_array_elements(list_of_tags) as elems group by backup_plan_id),backed_up_table as ( select t.name from aws_dynamodb_table as t join mapped_with_id as m on m.mapped_ids ?| array[t.arn] union select t.name from aws_dynamodb_table as t join mapped_with_tags as m on m.mapped_tags ?| array(select jsonb_object_keys(tags)))select t.arn as resource, case when b.name is null then 'alarm' else 'ok' end as status, case when b.name is null then t.title || ' not in backup plan.' else t.title || ' in backup plan.' end as reason , t.region, t.account_idfrom aws_dynamodb_table as t left join backed_up_table as b on t.name = b.name;