Ensure DynamoDB point in time recovery is enabled for global tables

Error: DynamoDB point in time recovery is not enabled for global tables

Bridgecrew Policy ID: BC_AWS_GENERAL_88
Checkov Check ID: CKV_AWS_165
Severity: MEDIUM

Description

Enabling point-in-time recovery (PITR) for Amazon DynamoDB global tables can help to protect against data loss due to accidental write or delete operations, or due to data corruption. With PITR enabled, you can restore a global table to any point in time within the specified recovery window (typically up to 35 days). This can be helpful if you need to undo unintended changes or recover from data corruption.

Fix - Buildtime

CloudFormation

  • Resource: AWS::DynamoDB::GlobalTable
  • Argument: Properties.Replicas.PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled
Resources:
  MyGlobalTable:
    Type: AWS::DynamoDB::GlobalTable
    Properties:
      ...
      Replicas:
+       - PointInTimeRecoverySpecification:
+           PointInTimeRecoveryEnabled: true
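
PITR is set per replica in `AWS::DynamoDB::GlobalTable`, so a template can enable it in one region and miss another. The following is an added example, not Checkov's or Bridgecrew's own code: a stand-alone check over a constructed CloudFormation template in JSON form. The resource names, regions and the function `replicas_without_pitr` are assumptions, as is the rule that every replica must have PITR enabled.

```python
import json

# Constructed sample template (CloudFormation JSON form), not from the page.
TEMPLATE = json.loads("""
{
  "Resources": {
    "OrdersTable": {
      "Type": "AWS::DynamoDB::GlobalTable",
      "Properties": {
        "Replicas": [
          {"Region": "us-east-1",
           "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": true}},
          {"Region": "eu-west-1"},
          {"Region": "ap-southeast-2",
           "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": false}}
        ]
      }
    },
    "Logs": {"Type": "AWS::S3::Bucket", "Properties": {}}
  }
}
""")


def replicas_without_pitr(template):
    """Return (logical_id, region) for each global-table replica lacking PITR."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::DynamoDB::GlobalTable":
            continue  # other resource types are out of scope for this check
        replicas = (res.get("Properties") or {}).get("Replicas") or []
        if not replicas:
            findings.append((name, None))  # no replicas declared at all
            continue
        for rep in replicas:
            spec = rep.get("PointInTimeRecoverySpecification") or {}
            enabled = spec.get("PointInTimeRecoveryEnabled")
            # Templates may carry the boolean as a string ("true").
            if not (enabled is True or str(enabled).lower() == "true"):
                findings.append((name, rep.get("Region", "<no region>")))
    return findings


if __name__ == "__main__":
    for name, region in replicas_without_pitr(TEMPLATE):
        print(f"FAIL {name} replica {region}: point-in-time recovery not enabled")
```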