DynamoDB tables must have point-in-time recovery (PITR) enabled to allow restoration to a prior consistent state after accidental deletes, overwrites, or data corruption. Without PITR, you cannot restore to recent points in time, increasing the risk of permanent data loss and extended recovery time. Check AWS::DynamoDB::Table resources and ensure the Properties.PointInTimeRecoverySpecification.PointInTimeRecoveryEnabled property is defined and set to true. Resources missing PointInTimeRecoverySpecification, missing the PointInTimeRecoveryEnabled field, or with PointInTimeRecoveryEnabled set to false will be flagged.
{"Resources":{"DynamoDBOnDemandTable1":{"Type":"AWS::DynamoDB::Table","Properties":{"BillingMode":"PAY_PER_REQUEST","PointInTimeRecoverySpecification":{"PointInTimeRecoveryEnabled":true}}},"AWSTemplateFormatVersion":"2010-09-09","Description":"Sample CloudFormation template for DynamoDB with customer managed CMK"}}
{"Resources":{"DynamoDBOnDemandTable1":{"Type":"AWS::DynamoDB::Table","Properties":{"BillingMode":"PAY_PER_REQUEST","PointInTimeRecoverySpecification":{"PointInTimeRecoveryEnabled":false}}},"AWSTemplateFormatVersion":"2010-09-09","Description":"Sample CloudFormation template for DynamoDB with customer managed CMK"}}
```yaml
rulesets:
  - CloudFormation / AWS # Rules to enforce / AWS.
```