Profile Applicability:
- Level 1
Description:
Amazon DynamoDB provides managed, scalable NoSQL database services, and enabling backup plans ensures that critical tables are protected by scheduled backups. This SOP checks if DynamoDB tables are included in a backup plan, either through DynamoDB On-Demand Backup or DynamoDB Streams integrated with other backup solutions, ensuring that valuable data is recoverable in case of accidental deletion, corruption, or failure.
Rationale:
Data Protection: Enabling backups helps ensure data is recoverable in the event of accidental deletion, corruption, or failure.
Compliance: Regular backups are often required for compliance with data protection regulations like GDPR, HIPAA, and SOC 2.
Disaster Recovery: Having a robust backup strategy allows businesses to restore lost data quickly and mitigate potential business disruptions.
Impact:
Pros:
Data Safety: Backups ensure that important data can be restored in the event of a failure.
Compliance: Helps meet regulatory requirements regarding data retention and disaster recovery.
Business Continuity: Prevents data loss, reducing downtime and operational impacts.
Cons:
Costs: Enabling backups incurs additional costs based on the size and frequency of backups.
Operational Complexity: Managing and monitoring backups for multiple tables might require additional resources.
Default Value:
By default, DynamoDB tables are not included in a backup plan. Backups need to be explicitly enabled for each table using On-Demand Backup or automated solutions like AWS Backup.
Pre-requisite:
AWS IAM Permissions:
dynamodb:ListTables
dynamodb:DescribeTable
dynamodb:CreateBackup
backup:ListBackupJobs
AWS CLI installed and configured.
DynamoDB Table created or in the process of being created.
Test Plan:
Using AWS Console:
Sign in to the AWS Management Console.
Navigate to DynamoDB under Services.
In the DynamoDB Console, go to Backups.
Review the list of DynamoDB backups to confirm whether the desired tables are included in a backup plan.
If backups are not listed for a table, ensure the table is added to the backup plan.
Check if On-Demand Backup has been configured for the table or if it’s part of a scheduled backup solution.
Using AWS CLI:
To check if backups are enabled for a specific DynamoDB table, run:
aws dynamodb list-backups --table-name <table-name> --query 'BackupSummaries[*].BackupArn'
This returns the BackupArn of each existing backup for the table. An empty list means no backup exists for it.
To list all DynamoDB backups, run:
aws dynamodb list-backups --query 'BackupSummaries[*].BackupArn'
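The per-table check above, extended to every table in the region, as an added example that is not part of the original SOP. It also looks for AWS Backup recovery points, and assumes the dynamodb:ListBackups and backup:ListRecoveryPointsByResource permissions in addition to those listed under Pre-requisite; the function names are illustrative.

```shell
#!/bin/sh
# Added example, not part of the original SOP: report backup coverage for
# every DynamoDB table in the CLI's current region.
# Assumes dynamodb:ListBackups and backup:ListRecoveryPointsByResource are
# granted in addition to the permissions listed under Pre-requisite.

# Read CLI text output on stdin; succeed only if the first line is a real
# value (the CLI prints "None" when a --query matches nothing).
first_value() {
    v=$(head -n 1)
    [ -n "$v" ] && [ "$v" != "None" ] && printf '%s\n' "$v"
}

# Print ON_DEMAND, AWS_BACKUP or NONE for the table named in $1.
# A failed or denied API call yields NONE, so the table is flagged for review.
table_backup_status() {
    if aws dynamodb list-backups --table-name "$1" --backup-type USER \
        --query 'BackupSummaries[0].BackupArn' --output text \
        | first_value >/dev/null; then
        echo ON_DEMAND; return 0
    fi
    arn=$(aws dynamodb describe-table --table-name "$1" \
        --query 'Table.TableArn' --output text)
    if aws backup list-recovery-points-by-resource --resource-arn "$arn" \
        --query 'RecoveryPoints[0].RecoveryPointArn' --output text \
        | first_value >/dev/null; then
        echo AWS_BACKUP; return 0
    fi
    echo NONE
}

# Print "<table><TAB><status>" per table; return 1 if any table has no backup.
audit_tables() {
    rc=0
    for t in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
        s=$(table_backup_status "$t")
        printf '%s\t%s\n' "$t" "$s"
        [ "$s" = "NONE" ] && rc=1
    done
    return $rc
}

# Run the audit only when asked to, e.g.: sh audit-backups.sh --audit
if [ "${1:-}" = "--audit" ]; then audit_tables; fi
```

A status other than NONE shows that at least one backup or recovery point exists for the table, not that it is recent.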
Implementation Steps:
Using AWS Console:
Sign in to the AWS Management Console and navigate to DynamoDB.
In the DynamoDB Console, go to the Backups section.
Create a backup plan for DynamoDB tables:
Choose Create backup to create a manual backup.
If using AWS Backup, integrate DynamoDB with AWS Backup for automated backups.
Verify that the DynamoDB tables are included in the backup plan. Enable on-demand backups for individual tables or configure an automated backup schedule.
Using AWS CLI:
To create an on-demand backup of a table, run:
aws dynamodb create-backup --table-name <table-name> --backup-name <backup-name>
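If using AWS Backup, note that a plan protects a table only once the table is assigned to it through a backup selection. Create the plan from a JSON plan document using: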
aws backup create-backup-plan --backup-plan <backup-plan>
Verify that the table is part of the backup plan by listing the backup jobs recorded for it:
aws backup list-backup-jobs --by-resource-arn <table-arn>
Backout Plan:
Using AWS Console:
If including the table in the backup plan causes issues, sign in to the AWS Management Console.
Navigate to AWS Backup and remove the DynamoDB table from the backup plan.
Delete the backup plan if it is no longer needed.
Using AWS CLI:
To remove the DynamoDB table from the backup plan, delete the backup selection that assigns it to the plan:
aws backup delete-backup-selection --backup-plan-id <BACKUP_PLAN_ID> --selection-id <SELECTION_ID> --region <REGION>
To delete the backup plan entirely (all of its backup selections must be deleted first):
aws backup delete-backup-plan --backup-plan-id <BACKUP_PLAN_ID> --region <REGION>