AWS Config Rule: DynamoDB Last Backup Recovery Point Created

Description: Checks if a recovery point was created for Amazon DynamoDB Tables within the specified period. The rule is NON_COMPLIANT if the DynamoDB Table does not have a corresponding recovery point created within the specified time period.

Trigger type: Periodic

AWS Region: All supported AWS regions except China (Beijing), China (Ningxia), AWS GovCloud (US-East), AWS GovCloud (US-West), Asia Pacific (Jakarta), Asia Pacific (Osaka), Europe (Milan), Africa (Cape Town) Region

This AWS Config Rule will check each DynamoDB Table in your account, within each region too.

This AWS Config Rule takes two parameters when calculating wether or not you have a backup recovery point created within your time period, they are;

• recoveryPointAgeValue
• recoveryPointAgeUnit

By default, StackZone sets these to equate to one day - which means if you have a backup recovery point for your DynamoDB Table which is within the last day - you will show as COMPLIANT for this particular AWS Config Rule. If a backup recovery point does not exist within that timeframe, it will show as NON_COMPLIANT

To get to this point, you will need to incorporate AWS Backup. This StackZone Config Rule Article will show you how to create a Backup Plan for EBS Volumes and this StackZone article shows how you can use the Backup feature offered by StackZone, which may help you get Backup Standards up to scratch.

StackZone can automatically resolve your non-compliant DynamoDB Tables by running an automation script to enable enhanced monitoring for you.

To enable this remediation, within the StackZone console head on over to Baseline Services -> AWS Config Rules Regional -> Amazon RDS and enable DynamoDB Last Backup Recovery Point Remediation

Want to know more about StackZone and how to make your cloud management simple and secure?

Check our how it works section with easy to follow videos or just create your own StackZone Account here