DynamoDB PITR is disabled

Description

DynamoDB Point-In-Time Recovery (PITR) is an automatic backup service for DynamoDB table data that helps protect your DynamoDB tables from accidental write or delete operations. Once enabled, PITR provides continuous backups that can be controlled using various programmatic parameters. PITR can also be used to restore table data from any point in time during the last 35 days, as well as any incremental backups of DynamoDB tables.

Code Example

```shell
aws dynamodb update-continuous-backups \
    --table-name MusicCollection \
    --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
```

Remediation

  • AWS Console

To change the policy using the AWS Console, follow these steps:

1. Log in to the AWS Management Console at https://console.aws.amazon.com/.

2. Open the Amazon DynamoDB console at https://console.aws.amazon.com/dynamodb/.

3. Navigate to the desired DynamoDB table, then select the Backups tab.

4. To turn the feature on, click Enable. The Earliest restore date and Latest restore date are visible within a few seconds.

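  • CLI Command

To update continuous backup settings for a DynamoDB table, run the aws dynamodb update-continuous-backups command shown under Code Example above, with PointInTimeRecoveryEnabled=true.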
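To find which tables still need this remediation, the following added example (not part of the original page) lists every table in the current region whose PITR status is not ENABLED and can optionally enable it. The function names are hypothetical, and it assumes the AWS CLI is installed with credentials and a default region configured.

```shell
#!/bin/sh
# Added example: audit DynamoDB tables for disabled Point-In-Time Recovery.
# Function names are illustrative; requires the AWS CLI with credentials
# and a default region.

# Print the PITR status of one table: ENABLED or DISABLED.
pitr_status() {
    aws dynamodb describe-continuous-backups \
        --table-name "$1" \
        --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
        --output text
}

# Print the name of each table in the region whose PITR is not ENABLED.
# A table whose status cannot be read is reported too, so it is not
# silently treated as compliant.
tables_without_pitr() {
    for table in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
        status=$(pitr_status "$table") || status="UNKNOWN"
        if [ "$status" != "ENABLED" ]; then
            echo "$table"
        fi
    done
}

# Enable PITR on one table (the remediation command from this page).
enable_pitr() {
    aws dynamodb update-continuous-backups \
        --table-name "$1" \
        --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true \
        > /dev/null
}

# Report findings; with --fix, also enable PITR on each one.
# Returns non-zero if any table is left without PITR.
audit_pitr() {
    unfixed=0
    for t in $(tables_without_pitr); do
        echo "PITR not enabled: $t"
        if [ "${1:-}" = "--fix" ] && enable_pitr "$t"; then
            echo "  PITR enabled: $t"
        else
            unfixed=$((unfixed + 1))
        fi
    done
    [ "$unfixed" -eq 0 ]
}
```

Source the file and run `audit_pitr` to report only, or `audit_pitr --fix` to remediate; the non-zero exit status on remaining findings makes it usable as a scheduled compliance check.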

Rule Details

| Field | Value |
|---|---|
| ID | IAC-0082 |
| Severity | HIGH |
| IaC Type | Cloudformation |
| Frameworks | CloudFormation, Terraform, TerraformPlan, Serverless |
| Checkov ID | CKV_AWS_28 |
