Ensure Amazon DynamoDB tables have continuous backups enabled

Continuous Backups in DynamoDB will prevent from loss of data and the features will include Global secondary indexes (GSIs), Local secondary indexes (LSIs), Streams, Provisioned read and write capacity. Restored table items are consistent with LSI projections and eventually consistent with GSI projections.

Risk Level: High
Cloud Entity: Amazon DynamoDB
CloudGuard Rule ID: D9.AWS.DR.04
Category: Database


DynamoDbTable should have continuousBackups.pointInTimeRecoveryDescription.pointInTimeRecoveryStatus='ENABLED'


From Portal

  1. Sign in to the AWS Management Console and open the DynamoDB console.
  2. In the navigation pane on the left side of the console, choose Tables.
  3. In the list of tables, choose the table you want to update backups
  4. Click on the Backups tab of the table,
  5. Click on edit tab under 'Point-in-time recovery (PITR)' section.
  6. Checkmark on 'Enable point-in-time-recovery' and click save changes.

From TF

resource "aws_dynamodb_table" "example" {
	point_in_time_recovery {
		enabled = true
	other required fields here

From Command Line
The following command update-continuous-backups enables point-in-time recovery for specific table.

aws dynamodb update-continuous-backups --table-name EXAMPLE_NAME --point-in-time-recovery-specification PointInTimeRecoveryEnabled=true


  1. https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/PointInTimeRecovery.html
  2. https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table
  3. https://awscli.amazonaws.com/v2/documentation/api/latest/reference/dynamodb/update-continuous-backups.html

Amazon DynamoDB

Amazon DynamoDB is a fast and flexible nonrelational database service for all applications that need consistent, single-digit millisecond latency at any scale. It is a fully managed cloud database and supports both document and key-value store models. Its flexible data model, reliable performance, and automatic scaling of throughput capacity make it a great fit for mobile, web, gaming, ad tech, IoT, and many other applications

Compliance Frameworks

  • AWS CloudGuard Best Practices
  • AWS CloudGuard SOC2 based on AICPA TSC 2017
  • AWS HITRUST v11.0.0
  • AWS ITSG-33
  • AWS MITRE ATT&CK Framework v10
  • AWS MITRE ATT&CK Framework v11.3
  • AWS NIST 800-53 Rev 5
  • AWS Security Risk Management