How To

DynamoDB table backup

Automatically enable continuous backups with point-in-time recovery of your DynamoDB Tables.

Turbot Team
5 min. read - May 24, 2021
Automatically enable continuous backups with point-in-time recovery of your DynamoDB Tables.

With heightened emphasis on security and encryption of data in the cloud, an often overlooked aspect of data protection is backup and recovery of your organizations data. In the cloud, developers have programmatic access to delete resources and a simple slip of the CLI can sometimes lead to unrecoverable data loss. Ensuring that backups are created and available in the cloud is critical to being able to recover in these circumstances.

This post looks at how Turbot Guardrails can automate enabling continuous backups with Point-in-Time Recovery of your Amazon DynamoDB tables.

Traditional Workflow

When database service capabilities were managed by central teams, developers didn't need to worry about backups. The owner of the ITSM service that managed their database ensured robust configuration and protection of enterprise data assets. Cloud databases have similar capabilities, albeit with the condition that the development team must elect to enable and configure the backup services, a configuration step that can be forgotten, or in some cases enabled and then turned off at later points in time. Monitoring the current configuration of all your databases and ensuring that they meet the organization's data retention and backup requirements should be an automated governance control for all cloud databases.

Get it done with Turbot Guardrails

ā€‹ In Turbot Guardrails, Amazon DynamoDB Table guardrails are readily available to control your cloud resource configurations. We can set the Turbot Guardrails automation AWS > DynamoDB > Table > Point-in-Time Recovery policy in just a few clicks:

Setting the configuration via Turbot Guardrails Terraform Provider is just as easy:

Terraform template to set the AWS > DynamoDB > Table > Point-in-Time Recovery policy in Turbot Guardrails.

After setting these policies, Turbot Guardrails will identify all DynamoDB tables that are not enabled for point-in-time recovery, and then handle remediation (i.e. enable the configuration).

If you are not yet ready to enforce remediation, you can still assess the impact of this in your environment by setting the value to Check: Enabled at the Turbot level. In 'Check' mode Turbot Guardrails will alarm on tables which do not have point-in-time recovery in place. After review of the alarms, selectively apply the enforcement settings or create exceptions as desired.

Given that continuous backups may not be appropriate for all tables (e.g. development), make use of Turbot Guardrails policy exceptions as necessary to achieve your desired compliance outcome across all environments.

Make it happen!

See for yourself how easy it is to manage your access logging configurations across your cloud resources. A ready-to-run Terraform template is available to enable this configuration from the Turbot Development Kit (TDK). If you need any assistance, let us know in our Slack community #guardrails channel. If you are new to Turbot, connect with us to learn more!