Description
This policy identifies AWS DynamoDB Tables that are not protected by Point-in-Time Recovery (PITR), an AWS Backup plan, or on-demand backups.
Point-in-Time Recovery is a fully managed, continuous backup feature that captures all changes to table data, enabling recovery to any second within the preceding 35-day retention window. PITR protects against accidental writes, deletions, and data corruption by allowing precise, time-based restoration.
Rationale
Enabling PITR provides an automated and resilient data protection mechanism without requiring manual backup workflows or third-party solutions. This capability improves data durability and reduces the Recovery Time Objective (RTO) in the event of data loss, operational errors, or unintended changes.
Impact
Enabling PITR incurs additional charges based on the total size of the DynamoDB table, including table data and any associated local secondary indexes.
Audit
This policy flags an AWS DynamoDB Table as INCOMPLIANT if the Point-in-Time Recovery Status is set to DISABLED.
DynamoDB Tables that are protected by an AWS Backup plan or on-demand backup processes are marked as INAPPLICABLE and are evaluated under the "AWS DynamoDB Table does not use on-demand backups" policy.
If a DynamoDB Table is not in an ACTIVE state, it is marked as INAPPLICABLE.
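The audit rules above can be reproduced against the DynamoDB API response shapes. The following is an added example, not the policy engine's own code. It assumes that an AVAILABLE backup of type USER or AWS_BACKUP is what marks a table as covered by the other mechanisms, that a missing PITR description counts as DISABLED, and that a table with PITR enabled is labelled COMPLIANT; the function names and sample tables are constructed for illustration.

```python
# Added example: the Audit rules applied to DynamoDB API response shapes.
def evaluate_table(table, continuous_backups, backup_summaries):
    """Return (status, reason) for one table.

    table              -> DescribeTable["Table"]
    continuous_backups -> DescribeContinuousBackups["ContinuousBackupsDescription"]
    backup_summaries   -> ListBackups["BackupSummaries"]
    """
    if table.get("TableStatus") != "ACTIVE":
        return "INAPPLICABLE", "table is not ACTIVE"
    # Assumption: an AVAILABLE backup of type USER (on-demand) or AWS_BACKUP
    # counts as protection by the other mechanisms the policy names.
    covered = sorted({b["BackupType"] for b in backup_summaries
                      if b.get("BackupStatus") == "AVAILABLE"
                      and b.get("BackupType") in ("USER", "AWS_BACKUP")})
    if covered:
        return "INAPPLICABLE", "covered by backups of type " + ", ".join(covered)
    pitr = continuous_backups.get("PointInTimeRecoveryDescription", {})
    # Assumption: a missing PITR description is treated like DISABLED.
    if pitr.get("PointInTimeRecoveryStatus", "DISABLED") == "DISABLED":
        return "INCOMPLIANT", "PITR is DISABLED and no backups were found"
    return "COMPLIANT", "PITR is ENABLED"  # assumed label, not stated on the page

def collect(client, table_name):
    """Fetch the three inputs with a boto3 DynamoDB client (first page of backups only)."""
    table = client.describe_table(TableName=table_name)["Table"]
    if table["TableStatus"] != "ACTIVE":
        return table, {}, []
    cb = client.describe_continuous_backups(TableName=table_name)
    backups = client.list_backups(TableName=table_name, BackupType="ALL")
    return table, cb["ContinuousBackupsDescription"], backups.get("BackupSummaries", [])

def _pitr(status):
    return {"PointInTimeRecoveryDescription": {"PointInTimeRecoveryStatus": status}}

# Constructed sample inputs (not real tables).
SAMPLES = {
    "orders":   ({"TableStatus": "ACTIVE"}, _pitr("DISABLED"), []),
    "sessions": ({"TableStatus": "ACTIVE"}, _pitr("ENABLED"), []),
    "ledger":   ({"TableStatus": "ACTIVE"}, _pitr("DISABLED"),
                 [{"BackupType": "AWS_BACKUP", "BackupStatus": "AVAILABLE"}]),
    "staging":  ({"TableStatus": "CREATING"}, {}, []),
    # A deleted on-demand backup no longer protects the table.
    "audit":    ({"TableStatus": "ACTIVE"}, _pitr("DISABLED"),
                 [{"BackupType": "USER", "BackupStatus": "DELETED"}]),
}

def run_samples():
    return {name: evaluate_table(*args)[0] for name, args in SAMPLES.items()}
```

To check live tables, pass the tuple returned by `collect(boto3.client("dynamodb"), name)` to `evaluate_table`; tables with many backups need `list_backups` pagination, which `collect` omits.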