Severity: MEDIUM
Source: Trivy
ID: AVD-AWS-0024

Point in time recovery should be enabled to protect DynamoDB table

DynamoDB tables should be protected against accidental or malicious write and delete actions, so that a bad change to the data can be undone.

Enabling point-in-time recovery lets you restore the table to a known point in time in the event of data loss.

Impact

Accidental or malicious writes and deletes can’t be rolled back

Follow the appropriate remediation steps below to resolve the issue.

Enable point in time recovery

resource "aws_dynamodb_table" "good_example" {
  name             = "example"
  hash_key         = "TestTableHashKey"
  billing_mode     = "PAY_PER_REQUEST"
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"

  attribute {
    name = "TestTableHashKey"
    type = "S"
  }

  # Continuous backups: the table can be restored to an earlier point in
  # time after an accidental or malicious write or delete. Omitting this
  # block, or setting enabled = false, triggers AVD-AWS-0024.
  point_in_time_recovery {
    enabled = true
  }
}
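Trivy finds the missing `point_in_time_recovery` block in Terraform before it is applied, but tables created outside that code base are not covered. The following script is an added example, not part of the Trivy or AVD page: it audits every table in an account with the real boto3 calls `list_tables`, `describe_continuous_backups` and `update_continuous_backups`, reports tables whose `PointInTimeRecoveryStatus` is anything other than `ENABLED`, and can enable PITR on them. The `FakeDynamoDB` class and the `SAMPLE_STATUS` table names are constructed stand-ins so the logic runs offline; the `--live` and `--fix` flags are assumptions of this script, not Trivy options.

```python
"""Audit DynamoDB tables for point-in-time recovery (PITR); optionally enable it.

Added example. The service calls match boto3's DynamoDB client; FakeDynamoDB is a
constructed offline stand-in that mimics the response shapes of those calls.
"""
import sys
from typing import Dict, List


def list_all_tables(client) -> List[str]:
    """ListTables is paginated: follow LastEvaluatedTableName until it is absent."""
    names, kwargs = [], {}
    while True:
        page = client.list_tables(**kwargs)
        names.extend(page.get("TableNames", []))
        last = page.get("LastEvaluatedTableName")
        if not last:
            return names
        kwargs = {"ExclusiveStartTableName": last}


def pitr_status(client, table: str) -> str:
    """Return the PITR status string: ENABLED, DISABLED, ENABLING or DISABLING."""
    desc = client.describe_continuous_backups(TableName=table)
    return desc["ContinuousBackupsDescription"]["PointInTimeRecoveryDescription"][
        "PointInTimeRecoveryStatus"
    ]


def tables_without_pitr(client) -> List[str]:
    """Anything other than ENABLED (including a transient ENABLING) is non-compliant."""
    return [t for t in list_all_tables(client) if pitr_status(client, t) != "ENABLED"]


def enable_pitr(client, table: str) -> str:
    """Turn PITR on for one table and return the resulting status."""
    resp = client.update_continuous_backups(
        TableName=table,
        PointInTimeRecoverySpecification={"PointInTimeRecoveryEnabled": True},
    )
    return resp["ContinuousBackupsDescription"]["PointInTimeRecoveryDescription"][
        "PointInTimeRecoveryStatus"
    ]


class FakeDynamoDB:
    """Constructed offline stand-in; pages ListTables to exercise the pagination loop."""

    def __init__(self, status: Dict[str, str], page_size: int = 2):
        self.status = dict(status)
        self.page_size = page_size

    def list_tables(self, ExclusiveStartTableName=None, Limit=None):
        names = sorted(self.status)
        start = names.index(ExclusiveStartTableName) + 1 if ExclusiveStartTableName else 0
        page = names[start : start + self.page_size]
        resp = {"TableNames": page}
        if start + self.page_size < len(names):
            resp["LastEvaluatedTableName"] = page[-1]
        return resp

    def _describe(self, table: str) -> dict:
        return {
            "ContinuousBackupsDescription": {
                "ContinuousBackupsStatus": "ENABLED",
                "PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": self.status[table]},
            }
        }

    def describe_continuous_backups(self, TableName: str) -> dict:
        return self._describe(TableName)

    def update_continuous_backups(self, TableName: str, PointInTimeRecoverySpecification: dict) -> dict:
        enabled = PointInTimeRecoverySpecification["PointInTimeRecoveryEnabled"]
        self.status[TableName] = "ENABLED" if enabled else "DISABLED"
        return self._describe(TableName)


# Constructed sample account: five tables, three of them without PITR.
SAMPLE_STATUS = {
    "orders": "ENABLED",
    "sessions": "DISABLED",
    "users": "DISABLED",
    "audit-log": "ENABLED",
    "carts": "DISABLED",
}


if __name__ == "__main__":
    if "--live" in sys.argv:
        import boto3  # needs credentials with dynamodb:ListTables / DescribeContinuousBackups

        client = boto3.client("dynamodb")
    else:
        client = FakeDynamoDB(SAMPLE_STATUS)
    fix = "--fix" in sys.argv
    for table in tables_without_pitr(client):
        outcome = " -> " + enable_pitr(client, table) if fix else ""
        print(f"{table}: point-in-time recovery not enabled{outcome}")
```

Run without flags to exercise the constructed sample; `--live` switches to the real client and `--fix` additionally calls `UpdateContinuousBackups`, which also requires `dynamodb:UpdateContinuousBackups` on the tables it touches.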