
Ensure that Point-in-Time Recovery is enabled

Description

AWS DynamoDB offers the ability to restore tables to a specific point in time. Point-in-time recovery creates continuous backups, allowing you to restore a table to any point within the last 35 days.

Rationale

Ensuring your data is secure against both malicious and accidental writes and deletions is important for application availability and continuity of operations. By enabling continuous backups via DynamoDB point-in-time recovery, you ensure that backups of your data are always available without needing to manage backup schedules.

As point-in-time recovery does not impact application performance, it should be enabled for all DynamoDB tables containing business-impacting data.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag                      With Value
secureclouddb/provider   aws
secureclouddb/service    dynamodb

Default Rule

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {{success: boolean}} success is true if point-in-time recovery is enabled
 */
function validate(databaseSettings) {
    const expectedValue = "ENABLED"
    // Walk the nested description defensively: if any level is missing, the
    // status is undefined and the rule fails closed instead of throwing or
    // returning a non-boolean value.
    const status = databaseSettings?.awsDatabaseInstance
        ?.dynamoDbInstance
        ?.continuousBackupsDescription
        ?.pointInTimeRecoveryDescription
        ?.pointInTimeRecoveryStatus
    const success = status === expectedValue

    return {
        success,
    }
}

// invoke
validate(databaseSettings);
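The rule above evaluates one already-normalized settings object. The following is an added example, not part of the SecureCloudDB rule or of AWS's own tooling, showing the same fail-closed check applied across several tables using the field names the real DynamoDB DescribeContinuousBackups API returns (ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus, plus the earliest and latest restorable timestamps), and building the UpdateContinuousBackups request that would remediate a non-compliant table. The client and the table responses are constructed stand-ins so the code runs offline; with the AWS SDK the describe call is asynchronous and would be awaited.

```javascript
// Constructed sample responses, keyed by table name, in the shape of the
// DynamoDB DescribeContinuousBackups output. Table names are made up.
const SAMPLE_RESPONSES = {
  "orders": {
    ContinuousBackupsDescription: {
      ContinuousBackupsStatus: "ENABLED",
      PointInTimeRecoveryDescription: {
        PointInTimeRecoveryStatus: "ENABLED",
        EarliestRestorableDateTime: new Date("2024-01-01T00:00:00Z"),
        LatestRestorableDateTime: new Date("2024-02-05T00:00:00Z"),
      },
    },
  },
  "sessions": {
    ContinuousBackupsDescription: {
      ContinuousBackupsStatus: "ENABLED",
      PointInTimeRecoveryDescription: { PointInTimeRecoveryStatus: "DISABLED" },
    },
  },
  // A response with no PITR description at all: the check must treat this as
  // non-compliant rather than throw on the missing property.
  "audit-log": {
    ContinuousBackupsDescription: { ContinuousBackupsStatus: "ENABLED" },
  },
};

// Stand-in for the SDK client (constructed): only describeContinuousBackups
// is modelled, and it is synchronous here to keep the example self-contained.
const fakeClient = {
  describeContinuousBackups({ TableName }) {
    const resp = SAMPLE_RESPONSES[TableName];
    if (!resp) throw new Error(`TableNotFoundException: ${TableName}`);
    return resp;
  },
};

// Fail-closed PITR check: only an explicit "ENABLED" status passes; an absent
// description, a DISABLED status or a malformed response all fail.
function isPitrEnabled(response) {
  const status = response?.ContinuousBackupsDescription
    ?.PointInTimeRecoveryDescription?.PointInTimeRecoveryStatus;
  return status === "ENABLED";
}

// Size of the currently restorable window in whole days, or null when PITR
// is not enabled. DynamoDB caps this window at 35 days.
function restoreWindowDays(response) {
  const d = response?.ContinuousBackupsDescription?.PointInTimeRecoveryDescription;
  if (!d || d.PointInTimeRecoveryStatus !== "ENABLED") return null;
  const ms = d.LatestRestorableDateTime - d.EarliestRestorableDateTime;
  return Math.round(ms / 86400000);
}

// The UpdateContinuousBackups input that enables PITR on one table.
function remediationRequest(tableName) {
  return {
    TableName: tableName,
    PointInTimeRecoverySpecification: { PointInTimeRecoveryEnabled: true },
  };
}

// Audit each table and return compliant tables with their restore window,
// the non-compliant table names, and a remediation request for each of them.
function auditTables(client, tableNames) {
  const compliant = [];
  const nonCompliant = [];
  for (const name of tableNames) {
    const resp = client.describeContinuousBackups({ TableName: name });
    if (isPitrEnabled(resp)) {
      compliant.push({ table: name, windowDays: restoreWindowDays(resp) });
    } else {
      nonCompliant.push(name);
    }
  }
  return {
    compliant,
    nonCompliant,
    remediations: nonCompliant.map(remediationRequest),
  };
}

console.log(JSON.stringify(auditTables(fakeClient, Object.keys(SAMPLE_RESPONSES)), null, 2));
```

The remediation requests are only constructed, not sent; applying them is a deliberate operator step, since enabling PITR changes the table's backup configuration and billing.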