DynamoDB Table Point In Time Recovery Disabled
- Query id: 0f04217d-488f-4e7a-bec8-f16159686cd6
- Query name: DynamoDB Table Point In Time Recovery Disabled
- Platform: CloudFormation
- Severity: Medium
- Category: Best Practices
- CWE: 710
- URL: Github
Description
It is considered a best practice to have point-in-time recovery enabled for DynamoDB tables.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - yaml file
Resources:
  MyDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: false
Positive test num. 2 - yaml file
Resources:
  MyDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      TableName: my-table
Positive test num. 3 - json file
{
  "Resources": {
    "DynamoDBOnDemandTable1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "BillingMode": "PAY_PER_REQUEST",
        "PointInTimeRecoverySpecification" : {
          "PointInTimeRecoveryEnabled" : false
        }
      }
    }
  },
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample CloudFormation template for DynamoDB with customer managed CMK"
}
Positive test num. 4 - json file
Positive test num. 5 - yaml file
Positive test num. 6 - json file
{
  "Resources": {
    "DynamoDBOnDemandTable1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "BillingMode": "PAY_PER_REQUEST",
        "PointInTimeRecoverySpecification" : {}
      }
    }
  },
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample CloudFormation template for DynamoDB with customer managed CMK"
}
Code samples without security vulnerabilities
Negative test num. 1 - yaml file
Resources:
  MyDynamoDBTable:
    Type: AWS::DynamoDB::Table
    Properties:
      PointInTimeRecoverySpecification:
        PointInTimeRecoveryEnabled: true
Negative test num. 2 - json file
{
  "Resources": {
    "DynamoDBOnDemandTable1": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "BillingMode": "PAY_PER_REQUEST",
        "PointInTimeRecoverySpecification" : {
          "PointInTimeRecoveryEnabled" : true
        }
      }
    }
  },
  "AWSTemplateFormatVersion": "2010-09-09",
  "Description": "Sample CloudFormation template for DynamoDB with customer managed CMK"
}
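The three failing shapes in the positive samples (flag set to false, specification missing, specification empty) can be checked over a parsed JSON template with the Python below. This is an added example, not the KICS query itself: the function name, the sample template and its logical IDs are made up for illustration, and it goes slightly beyond the samples by also handling string booleans and values supplied through an intrinsic function such as Ref.

```python
import json

TABLE_TYPE = "AWS::DynamoDB::Table"

def pitr_findings(template):
    """Return (logical_id, reason) for every table where PITR is not clearly on."""
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != TABLE_TYPE:
            continue
        spec = (resource.get("Properties") or {}).get("PointInTimeRecoverySpecification")
        if spec is None:
            findings.append((logical_id, "PointInTimeRecoverySpecification is missing"))
            continue
        if not isinstance(spec, dict) or "PointInTimeRecoveryEnabled" not in spec:
            findings.append((logical_id, "PointInTimeRecoveryEnabled is not set"))
            continue
        enabled = spec["PointInTimeRecoveryEnabled"]
        if isinstance(enabled, str):  # CloudFormation also accepts "true"/"false" strings
            enabled = {"true": True, "false": False}.get(enabled.strip().lower(), enabled)
        if enabled is True:
            continue
        if enabled is False:
            findings.append((logical_id, "PointInTimeRecoveryEnabled is false"))
        else:  # e.g. {"Ref": "EnablePitr"}: the value depends on deploy-time input
            findings.append((logical_id, "PointInTimeRecoveryEnabled cannot be resolved statically"))
    return findings

# Constructed sample template (not from the page); all logical IDs are made up.
SAMPLE_TEMPLATE = json.loads("""
{
  "Parameters": {"EnablePitr": {"Type": "String", "Default": "false"}},
  "Resources": {
    "TableOff": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": false}}},
    "TableNoSpec": {"Type": "AWS::DynamoDB::Table", "Properties": {"TableName": "my-table"}},
    "TableEmptySpec": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {}}},
    "TableOn": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": true}}},
    "TableStringTrue": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": "true"}}},
    "TableParam": {"Type": "AWS::DynamoDB::Table", "Properties": {
      "PointInTimeRecoverySpecification": {"PointInTimeRecoveryEnabled": {"Ref": "EnablePitr"}}}},
    "LogsBucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")
```

Tables whose flag comes from a parameter are reported separately so a reviewer can check the value actually passed at deploy time.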