Sufficient Backup Retention Period

01 Sign in to the AWS Management Console.

02 Navigate to Amazon DynamoDB console available at https://console.aws.amazon.com/dynamodbv2/.

03 In the main navigation panel, under Dashboard, choose Tables.

04 Click on the name of the Amazon DynamoDB table that you want to examine.

05 Select the Backups tab to access the backup settings available for the selected table.

06 Click on the name (link) of the DynamoDB table backup that you want to examine. A backup managed by AWS Backup has the Type attribute set to AWS_BACKUP.

07 In the Backup job summary section, check the Expiration attribute value to determine the backup retention period configured for the selected backup.

08 Sign in to your Trend Micro Cloud One™ – Conformity account, access the Sufficient Backup Retention Period rule settings and compare the retention period found at the previous step against the one set within the rule configuration. If the retention period configured for your backup is less than the one defined in your Conformity account, the selected DynamoDB table backup does not have a sufficient data retention period configured for compliance purposes.

09 Repeat steps no. 6 – 8 for each data backup created for the selected DynamoDB table.

10 Repeat steps no. 4 – 9 for each Amazon DynamoDB table available within the current AWS region.

11 Change the AWS cloud region from the navigation bar and repeat the Audit process for other regions.

01 Sign in to the AWS Management Console.

02 Navigate to Amazon DynamoDB console available at https://console.aws.amazon.com/dynamodbv2/.

03 In the main navigation panel, under Dashboard, choose Tables.

04 Click on the name of the Amazon DynamoDB table that you want to access.

05 Select the Backups tab to access the backup settings available for the selected table.

06 For existing backups, select the DynamoDB table backup that you want to update, choose Copy, and select Copy in AWS Backup. A backup managed by AWS Backup has the Type attribute set to AWS_BACKUP.

07 Choose the appropriate AWS cloud region from the Region dropdown list and select a sufficient and optimal backup retention period using the Total retention period controls, in accordance with the retention period specified in the conformity rule settings, in your Trend Micro Cloud One™ – Conformity account. Choose Copy to make a copy and extend the backup retention period for the selected backup.

08 For new backups, choose Create backup, and select Create on-demand backup to initiate the backup process.

09 On the Create on-demand backup page, perform the following actions:

1. If the backup advanced features are not displayed, select Go to backup settings and choose Turn on from the Backup settings section. Choose Turn on feature to enable advanced features such as cross-account copy, cross-region copy, cost allocation tags, and cold storage tiering. If the backup advanced features are enabled, skip this step.
2. Select the DynamoDB table that you want to back up from the Source table box.
3. Choose Customize settings for custom backup settings.
4. Select Backup with AWS Backup for Backup management.
5. Use the Retention period controls to select a sufficient backup retention period in accordance with the retention period specified in the conformity rule settings, in your Trend Micro Cloud One™ – Conformity account.
6. Configure other advanced settings such as backup window, transition to cold storage, the backup vault used for storage, and the IAM role required for backup operations, to fit your requirements.
7. (Optional) In the Tags - optional section, choose Add new tag to create tag sets for your new resource.
8. Choose Create backup to create your new DynamoDB table backup.

10 Repeat steps no. 6 – 9 for each data backup created for the selected DynamoDB table.

11 Repeat steps no. 4 – 10 for each Amazon DynamoDB table that you want to back up, available in the current AWS region.

12 Change the AWS cloud region from the navigation bar and repeat the Remediation process for other regions.