Profile Applicability:

  • Level 1

Description:

Amazon DynamoDB is a fully managed NoSQL database service that supports both document and key-value data structures. Point-in-Time Recovery (PITR) keeps continuous backups of a table and lets you restore it to any second within the preceding 35 days. This SOP ensures that PITR is enabled for DynamoDB tables, which provides a safeguard against accidental or malicious writes and deletions by allowing you to restore the state of the data as it was at a chosen point in time. Note that a restore always creates a new table; the source table is never overwritten in place.

Rationale:

  • Data Protection: Enabling PITR protects against accidental or malicious data changes, such as overwrites, deletes, or deletion of the whole table, and allows the data to be recovered. If a table with PITR enabled is deleted, DynamoDB keeps a system backup of it for 35 days. Because a principal with dynamodb:UpdateContinuousBackups can turn PITR off, restrict that permission and alert on the corresponding CloudTrail event.

  • Disaster Recovery: PITR complements on-demand backups as part of the backup strategy for DynamoDB tables, ensuring that data can be restored to any given point within the retention period without scheduling individual backups.

  • Compliance: In regulated environments, having the ability to recover data to a previous state can help meet compliance and auditing requirements.

Impact:

Pros:

  • Data Recovery: Enables recovery of lost or corrupted data.

  • Business Continuity: Provides an additional layer of data protection for critical applications.

  • Easy Access: Allows quick and simple restoration of a DynamoDB table to a specific point in time with a single restore operation. The restore lands in a new table, so applications must be re-pointed to it, and settings such as auto scaling policies, IAM policies, CloudWatch alarms, tags, Streams and TTL must be re-applied to the restored table manually.

Cons:

  • Cost: Enabling PITR incurs an additional charge based on the size of the table data (billed per GB-month). Backups are continuous, so there is no per-backup or frequency component; restores are billed separately by the size of the restored data.

  • Retention Limit: PITR can only restore to a point within the last 35 days, and the latest restorable time typically lags the current time by about five minutes, so the most recent writes may not yet be recoverable.

Default Value:

By default, Point-in-Time Recovery (PITR) is disabled for DynamoDB tables. You need to explicitly enable it to ensure data recovery capabilities.

Pre-requisite:

  • AWS IAM Permissions:

    • dynamodb:ListTables (to enumerate the tables to check)

    • dynamodb:DescribeContinuousBackups (to read the PITR status; DescribeTable does not return it)

    • dynamodb:UpdateContinuousBackups (to enable or disable PITR)

  • AWS CLI installed and configured.

  • DynamoDB table already created and in ACTIVE status. PITR cannot be enabled while a table is still being created.

Remediation:

Test Plan:

Using AWS Console:

  1. Sign in to the AWS Management Console.

  2. Navigate to DynamoDB under Services.

  3. In the DynamoDB Console, go to Tables and select the table you want to check.

  4. Open the Backups tab and check the Point-in-time recovery (PITR) setting:

    • If enabled, the PITR status is shown as On (Enabled).

    • If disabled, the status is shown as Off (Disabled).

Using AWS CLI:

  1. To check whether PITR is enabled for a specific table, run (PITR status is returned by describe-continuous-backups, not by describe-table):

    aws dynamodb describe-continuous-backups --table-name <table-name> --query "ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus" --output text

  2. If the result is ENABLED, then PITR is enabled. If the result is DISABLED, then PITR is not enabled.

Implementation Steps:

Using AWS Console:

  1. Sign in to the AWS Management Console and navigate to DynamoDB.

  2. Select Tables from the left panel and choose the table for which you want to enable PITR.

  3. Open the Backups tab.

  4. Next to Point-in-time recovery (PITR), click Edit and choose Turn on point-in-time recovery.

  5. Review the associated cost information shown in the dialog.

  6. Save the changes and confirm that the PITR status now shows as On.

Using AWS CLI:

  1. To enable PITR on a DynamoDB table, run the following command (update-table does not accept a PITR setting; the correct API is update-continuous-backups):

    aws dynamodb update-continuous-backups --table-name <table-name> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true

  2. To verify that PITR is enabled, run:

    aws dynamodb describe-continuous-backups --table-name <table-name> --query "ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus" --output text

Backout Plan:

Using AWS Console:

  1. If enabling PITR causes issues (for example unexpected cost), sign in to the AWS Management Console.

  2. Navigate to DynamoDB, select the table, open the Backups tab, and click Edit next to Point-in-time recovery (PITR).

  3. Choose Turn off point-in-time recovery and save the changes. Disabling PITR discards the continuous backup history, so the table can no longer be restored to an earlier point.

Using AWS CLI:

  1. To disable Point-in-Time Recovery for a DynamoDB table, run the following command:

    aws dynamodb update-continuous-backups --table-name <TABLE_NAME> --point-in-time-recovery-specification PointInTimeRecoveryEnabled=false --region <REGION>

  2. Verify that PITR is now disabled by reading the status again (expected result: DISABLED):

    aws dynamodb describe-continuous-backups --table-name <TABLE_NAME> --region <REGION> --query "ContinuousBackupsDescription.PointInTimeRecoveryDescription.PointInTimeRecoveryStatus" --output text

References:

CIS Controls Mapping:

Version | Control ID | Control Description                                        | IG1 | IG2 | IG3
v8      | 11.1       | Establish and Maintain a Data Recovery Process             |  x  |  x  |  x
v8      | 11.2       | Perform Automated Backups                                  |  x  |  x  |  x
v8      | 11.3       | Protect Recovery Data                                      |  x  |  x  |  x
v8      | 11.5       | Test Data Recovery                                         |     |  x  |  x

PITR provides the automated, continuous backup for 11.2 and the restore capability needed by 11.1; PITR data is encrypted with the table's key and governed by IAM, which supports 11.3. It does not by itself satisfy 11.5: restores to a new table should be exercised periodically to confirm the recovery process works.