Image of custom vintage cars with a hidden Turbot logo

With heightened emphasis on security and encryption of data in the cloud, an often overlooked aspect of data protection is backup and recovery of your organizations data. In the cloud, developers have programmatic access to delete resources and a simple slip of the CLI can sometimes lead to unrecoverable data loss. Ensuring that backups are created and available in the cloud is critical to being able to recover in these circumstances.

This week we will look at how Turbot can automate enabling continuous backups with Point-in-Time Recovery of your Amazon DynamoDB tables.

Traditional Workflow

When database service capabilities were managed by central teams, developers didn't need to worry about backups. The owner of the ITSM service that managed their database ensured robust configuration and protection of enterprise data assets. Cloud databases have similar capabilities, albeit with the condition that the development team must elect to enable and configure the backup services, a configuration step that can be forgotten, or in some cases enabled and then turned off at later points in time. Monitoring the current configuration of all your databases and ensuring that they meet the organization's data retention and backup requirements should be an automated governance control for all cloud databases.

Get it done with Turbot

‚Äč In Turbot, Amazon DynamoDB Table guardrails are readily available to control your cloud resource configurations. We can set the Turbot automation AWS > DynamoDB > Table > Point-in-Time Recovery policy in just a few clicks:

Turbot policy setting dialog image

Setting the configuration via Turbot's Terraform provider is just as easy:

Image of terraform configuration file

Terraform template to set the AWS > DynamoDB > Table > Point-in-Time Recovery policy in Turbot.

After setting these policies, Turbot will identify all DynamoDB tables that are not enabled for point-in-time recovery, and then handle remediation (i.e. enable the configuration).

If you are not yet ready to enforce remediation, you can still assess the impact of this in your environment by setting the value to Check: Enabled at the Turbot level. In 'Check' mode Turbot will alarm on tables which do not have point-in-time recovery in place. After review of the alarms, selectively apply the enforcement settings or create exceptions as desired.

Given that continuous backups may not be appropriate for all tables (e.g. development), make use of Turbot's policy exceptions as necessary to achieve your desired compliance outcome across all environments.

Make it happen!

See for yourself how easy it is to manage your access logging configurations across your cloud resources. A ready-to-run Terraform template is available to enable this configuration from the Turbot Development Kit (TDK). If you need any assistance, please reach out to Turbot Support, and keep an eye on your inbox for another Turbot tip next week!