Description:
Point-in-time recovery helps protect your DynamoDB tables from accidental write or delete operations. With point-in-time recovery, you don't have to worry about creating, maintaining, or scheduling on-demand backups.
Rationale:
With point-in-time recovery, you can restore a table to any point in time during the last 35 days. DynamoDB maintains incremental backups of your table.
Impact:
Amazon DynamoDB point-in-time recovery (PITR) provides automatic backups of your DynamoDB table data. When enabled, point-in-time recovery provides continuous backups until you explicitly turn it off.
Default Value:
By default, DynamoDB point-in-time recovery (PITR) is disabled.
Audit:
1. Sign in to the AWS Management Console.
2. Navigate to the DynamoDB service at https://console.aws.amazon.com/dynamodb
3. Click on Tables in the left navigation pane.
4. Click on the name of the table you want to examine.
5. In the Overview tab, under Table details, check the Point-in-time recovery column.
6. If Point-in-time recovery is DISABLED, follow the Implementation Steps to enable it.
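The console audit checks one table at a time. The following sketch runs the same check over every table in the CLI's configured region; it is an added example, not part of the original control text. The function names pitr_status and audit_pitr are hypothetical, and it assumes the AWS CLI is installed with credentials allowed to call ListTables and DescribeContinuousBackups.

```shell
#!/bin/sh
# Added example: report every DynamoDB table whose PITR status is not ENABLED.
# Scope is the region/profile the AWS CLI is currently configured for;
# repeat per region, since PITR is a per-table setting.
# Usage (after sourcing this file): audit_pitr
#   exit 0 = all tables ENABLED, 1 = findings printed, 2 = listing failed

# pitr_status TABLE -> prints ENABLED, DISABLED or UNKNOWN
pitr_status() {
    status=$(aws dynamodb describe-continuous-backups \
        --table-name "$1" \
        --query 'ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus' \
        --output text 2>/dev/null) || status=UNKNOWN
    # Anything other than the two documented values (a failed call, or
    # "None" when the key is absent) is reported as UNKNOWN so it is
    # reviewed instead of being silently counted as compliant.
    case "$status" in
        ENABLED|DISABLED) echo "$status" ;;
        *) echo UNKNOWN ;;
    esac
}

# audit_pitr -> prints "TABLE STATUS" for each table that is not ENABLED
audit_pitr() {
    # Fail closed: if the table list cannot be read, do not report "clean".
    tables=$(aws dynamodb list-tables --query 'TableNames[]' --output text) || {
        echo "list-tables failed; audit incomplete" >&2
        return 2
    }
    found=0
    # DynamoDB table names cannot contain whitespace, so word splitting is safe.
    for table in $tables; do
        state=$(pitr_status "$table")
        if [ "$state" != ENABLED ]; then
            echo "$table $state"
            found=1
        fi
    done
    return $found
}
```

A non-zero exit status makes the function usable as a gate in a scheduled compliance job.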
Remediation:
Pre-requisites: Log in as an admin or as an IAM user with the required permissions.
Enabling point-in-time recovery incurs additional charges.
Implementation Steps:
1. Sign in to the AWS Management Console.
2. Navigate to the DynamoDB service at https://console.aws.amazon.com/dynamodb
3. Click on Tables in the left navigation pane.
4. Click on the name of the table you want to modify.
5. Switch to the Backups tab, where you can see the Edit option for Point-in-time recovery.
6. Turn on point-in-time recovery and save the changes to ENABLE it.
Via CLI:
aws dynamodb update-continuous-backups \
    --table-name MusicCollection \
    --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
Backout plan:
To disable point-in-time recovery, follow the same steps in the Implementation section and, in step 5, click on Disable.