Risk Level: High
Cloud Entity: Amazon DynamoDB
CloudGuard Rule ID: D9.AWS.DR.04
Covered by Spectral: Yes
Category: Database

GSL LOGIC

DynamoDbTable should have continuousBackups.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus='ENABLED'

REMEDIATION

From Portal

Sign in to the AWS Management Console and open the DynamoDB console.
In the navigation pane on the left side of the console, choose Tables.
In the list of tables, choose the table you want to update backups
Click on the Backups tab of the table,
Click on edit tab under 'Point-in-time recovery (PITR)' section.
Checkmark on 'Enable point-in-time-recovery' and click save changes.

From TF

resource "aws_dynamodb_table" "example" {
	point_in_time_recovery {
		enabled = true
	}
	other required fields here
}

From Command Line
The following command update-continuous-backups enables point-in-time recovery for specific table.

aws dynamodb update-continuous-backups --table-name EXAMPLE_NAME --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

References

Amazon DynamoDB

Amazon DynamoDB is a fast and flexible nonrelational database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity make it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications

Compliance Frameworks

AWS CIS Controls V 8
AWS CSA CCM v.4.0.1
AWS CloudGuard Best Practices
AWS CloudGuard SOC2 based on AICPA TSC 2017
AWS HITRUST
AWS HITRUST v11.0.0
AWS ISO27001:2022
AWS ITSG-33
AWS MITRE ATT&CK Framework v10
AWS MITRE ATT&CK Framework v11.3
AWS NIST 800-53 Rev 5
AWS Security Risk Management
CloudGuard AWS All Rules Ruleset