Test 301: AWS DynamoDB Point-in-Time Recovery Enabled

Drata validates that each DynamoDB table has point-in-time recovery status set to enabled.

Updated over a month ago

Prerequisites

  • This test requires an additional permission, 'backup:ListRecoveryPointsByResource', which is not a default permission within the SecurityAudit policy on the DrataAutoPilot role.

    • To add the required permission to the DrataAutoPilot role:

      1. Navigate to the DrataAutoPilot role in the IAM Console.

      2. Add an inline policy to the role.

      3. In the policy editor, choose JSON to add permissions manually and paste the following JSON for the backup:ListRecoveryPointsByResource permission needed for this test:

        {
          "Version": "2012-10-17",
          "Statement": [
            {
              "Effect": "Allow",
              "Action": [ "backup:ListRecoveryPointsByResource" ],
              "Resource": "*"
            }
          ]
        }

      4. Give this inline policy a name and add it to the DrataAutoPilot role.

ASSOCIATED DRATA CONTROL

This test is part of the System Monitoring control (DCF-86), which ensures that production systems and resources are monitored and that automated alerts are sent out to personnel based on pre-configured rules. Events are triaged to determine if they constitute an incident and escalated per policy if necessary.

WHAT TO DO IF A TEST FAILS

If Drata detects that one or more AWS DynamoDB tables do not have point-in-time recovery status set to enabled, your test will fail. To remediate a failed test:

1. Sign into the AWS Management console and navigate to DynamoDB.

2. Select a table that is failing this test.

3. Go to the 'Backups' tab and enable 'Point-In-Time Recovery'.

4. Confirm the action and repeat for each failing DynamoDB table.
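The same check and remediation can be scripted against the DynamoDB API, which is useful for finding every failing table in an account before the next Drata sync. This is an added example, not Drata's own code; it uses the real boto3 calls describe_continuous_backups and update_continuous_backups, assumes boto3 and AWS credentials are configured when run live, and the SAMPLE_RESPONSES below are constructed so the pure helpers can be exercised offline.

```python
from typing import Dict, List

ENABLED = "ENABLED"


def pitr_enabled(continuous_backups: Dict) -> bool:
    """True when a describe_continuous_backups response reports PITR enabled.

    Missing keys count as not enabled, so a partial response fails closed."""
    desc = continuous_backups.get("ContinuousBackupsDescription", {})
    pitr = desc.get("PointInTimeRecoveryDescription", {})
    return pitr.get("PointInTimeRecoveryStatus") == ENABLED


def failing_tables(backups_by_table: Dict[str, Dict]) -> List[str]:
    """Names of tables whose PITR status is not ENABLED (what Test 301 flags)."""
    return sorted(n for n, r in backups_by_table.items() if not pitr_enabled(r))


def audit_account(region: str, remediate: bool = False) -> List[str]:
    """Live check: list every table, inspect PITR, optionally enable it.

    Needs dynamodb:ListTables, dynamodb:DescribeContinuousBackups and, when
    remediating, dynamodb:UpdateContinuousBackups. boto3 is imported here so
    the pure helpers above run without AWS credentials."""
    import boto3  # assumption: boto3 installed and AWS credentials configured

    ddb = boto3.client("dynamodb", region_name=region)
    responses = {}
    for page in ddb.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            responses[name] = ddb.describe_continuous_backups(TableName=name)
    failing = failing_tables(responses)
    if remediate:
        for name in failing:
            ddb.update_continuous_backups(
                TableName=name,
                PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True},
            )
    return failing


# Constructed sample responses shaped like describe_continuous_backups output.
SAMPLE_RESPONSES = {
    "orders": {"ContinuousBackupsDescription": {
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "ENABLED"}}},
    "sessions": {"ContinuousBackupsDescription": {
        "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": "DISABLED"}}},
    "legacy": {"ContinuousBackupsDescription": {"ContinuousBackupsStatus": "ENABLED"}},
}
```

Run `audit_account("us-east-1")` to list failing tables, or pass `remediate=True` to enable PITR on each of them in one pass; newly enabled PITR only covers changes from that point forward, so the test result reflects the next Drata sync.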
