DynamoDB Tables Should Have Continuous Backup Enabled
More Info:
A DynamoDB table without backups can suffer accidental data loss. Your AWS DynamoDB tables should use the Point-in-time Recovery (PITR) feature to automatically take continuous backups of your DynamoDB data.
Risk Level
Informational
Address
Reliability, Security
Compliance Standards
HIPAA, NIST, SOC2, ISO27001, HITRUST, AWSWAF, NISTCSF
Triage and Remediation
Remediation
To remediate the misconfiguration of DynamoDB tables not having continuous backup enabled in AWS using the AWS Management Console, follow these steps:
- Login to AWS Console: Go to the AWS Management Console (https://aws.amazon.com/) and log in to your account.
- Navigate to DynamoDB: Click on the “Services” dropdown menu at the top of the page, then select “DynamoDB” under the “Database” section.
- Select the Table: From the DynamoDB dashboard, select the table for which you want to enable continuous backups by clicking on its name.
- Go to Backup Tab: In the table details page, click on the “Backup” tab located in the top menu.
- Enable Continuous Backup: In the “Backup” tab, you will see an option to enable continuous backups. Click on the “Edit” button next to “Continuous Backups” to modify the settings.
- Enable Backup: In the “Edit continuous backups” window, enable the “On” option to turn on continuous backups for the selected table. You can also set the backup retention period as per your requirement.
- Save Changes: After enabling continuous backups and setting the retention period, click on the “Save changes” button to apply the configuration.
- Verification: Once saved, you should see a message confirming that continuous backups have been enabled for the DynamoDB table.
By following these steps, you have successfully remediated the misconfiguration of DynamoDB tables not having continuous backups enabled in AWS using the AWS Management Console.
To remediate the misconfiguration of not having continuous backup enabled for an AWS DynamoDB table using AWS CLI, you can follow these steps:
- List all the DynamoDB tables to identify the table that needs to have continuous backup enabled:
    aws dynamodb list-tables
- Enable continuous backups for the identified DynamoDB table using the following command:
    aws dynamodb update-continuous-backups --table-name YOUR_TABLE_NAME --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true
  Replace YOUR_TABLE_NAME with the name of the DynamoDB table for which you want to enable continuous backups.
- Verify that continuous backups have been enabled for the table by describing the table:
    aws dynamodb describe-continuous-backups --table-name YOUR_TABLE_NAME
  Make sure that the PointInTimeRecoverySpecification shows PointInTimeRecoveryEnabled: true for the table.
By following these steps, you can successfully remediate the misconfiguration of not having continuous backup enabled for an AWS DynamoDB table using AWS CLI.
To remediate the misconfiguration of not having continuous backup enabled for AWS DynamoDB tables using Python, you can follow these steps:
- Install the AWS SDK for Python (Boto3) if you haven’t already. You can install it using pip:
    pip install boto3
- Use the following Python script to enable continuous backups for a DynamoDB table:
    import boto3

    # Initialize the DynamoDB client
    dynamodb = boto3.client('dynamodb')

    # Specify the name of the DynamoDB table for which you want to enable continuous backups
    table_name = 'YOUR_TABLE_NAME'

    # Enable continuous backups for the specified DynamoDB table
    response = dynamodb.update_continuous_backups(
        TableName=table_name,
        PointInTimeRecoverySpecification={
            'PointInTimeRecoveryEnabled': True
        }
    )

    # Print the response
    print(response)
- Replace 'YOUR_TABLE_NAME' with the actual name of the DynamoDB table for which you want to enable continuous backups.
- Run the Python script. It will enable continuous backups for the specified DynamoDB table.
After following these steps, continuous backups will be enabled for the specified DynamoDB table, thereby remediating the misconfiguration.
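Added example, not code from the original page: the steps above handle one named table, so this goes a step further and audits every table in the region, optionally enabling PITR and re-checking the result. The function names, the StubDynamoDB class and its table names are constructed for illustration; the boto3 calls and the PointInTimeRecoveryStatus response field are the real DynamoDB API.

```python
ENABLE_PITR = {"PointInTimeRecoveryEnabled": True}


def pitr_enabled(client, table_name):
    """True if describe_continuous_backups reports PITR as ENABLED for the table."""
    desc = client.describe_continuous_backups(TableName=table_name)
    pitr = desc["ContinuousBackupsDescription"].get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == "ENABLED"


def audit_pitr(client, remediate=False):
    """Return {table: 'ok' | 'missing' | 'fixed'} for every table in the region."""
    report = {}
    for page in client.get_paginator("list_tables").paginate():  # follows all pages
        for name in page["TableNames"]:
            status = "ok" if pitr_enabled(client, name) else "missing"
            if status == "missing" and remediate:
                client.update_continuous_backups(
                    TableName=name, PointInTimeRecoverySpecification=ENABLE_PITR)
                # Re-read the state rather than trusting the update call.
                status = "fixed" if pitr_enabled(client, name) else "missing"
            report[name] = status
    return report


class StubDynamoDB:
    """Constructed stand-in for boto3.client('dynamodb'): table name -> PITR on/off."""
    def __init__(self, tables):
        self.tables = dict(tables)

    def get_paginator(self, _operation):
        return self  # the stub acts as its own paginator

    def paginate(self):  # one table per page, to exercise pagination
        return ({"TableNames": [name]} for name in sorted(self.tables))

    def describe_continuous_backups(self, TableName):
        status = "ENABLED" if self.tables[TableName] else "DISABLED"
        return {"ContinuousBackupsDescription": {
            "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": status}}}

    def update_continuous_backups(self, TableName, PointInTimeRecoverySpecification):
        self.tables[TableName] = PointInTimeRecoverySpecification["PointInTimeRecoveryEnabled"]


if __name__ == "__main__":
    # Offline demo on constructed data; against AWS pass boto3.client("dynamodb").
    stub = StubDynamoDB({"orders": True, "sessions": False, "users": False})
    print(audit_pitr(stub), audit_pitr(stub, remediate=True))
```

With remediate=False the function only reports, which suits a scheduled compliance check. Against a real account it needs the dynamodb:ListTables and dynamodb:DescribeContinuousBackups permissions, plus dynamodb:UpdateContinuousBackups to remediate.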