Skip to content

Files

Latest commit

 

History

History
51 lines (38 loc) · 1.08 KB

AWS086.md

File metadata and controls

51 lines (38 loc) · 1.08 KB

Pattern: Point in time recovery should be enabled to protect DynamoDB table

Issue: -

Description

DynamoDB tables should be protected against accidently or malicious write/delete actions by ensuring that there is adaquate protection.

By enabling point-in-time-recovery you can restore to a known point in the event of loss of data.

Resolution: Enable point in time recovery.

Examples

Example of incorrect code:

resource "aws_dynamodb_table" "bad_example" {
	name             = "example"
	hash_key         = "TestTableHashKey"
	billing_mode     = "PAY_PER_REQUEST"
	stream_enabled   = true
	stream_view_type = "NEW_AND_OLD_IMAGES"
  
	attribute {
	  name = "TestTableHashKey"
	  type = "S"
	}
}

Example of correct code:

resource "aws_dynamodb_table" "good_example" {
	name             = "example"
	hash_key         = "TestTableHashKey"
	billing_mode     = "PAY_PER_REQUEST"
	stream_enabled   = true
	stream_view_type = "NEW_AND_OLD_IMAGES"
  
	attribute {
	  name = "TestTableHashKey"
	  type = "S"
	}

	point_in_time_recovery {
		enabled = true
	}
}