Triage: AWS DynamoDB Tables should have Deletion Protection enabled (TABLE_DELETION_PROTECTION_NOT_ENABLED)
Triage Guide: Table Deletion Protection Not Enabled
Understand
Why should I care about fixing this issue?
Deletion protection prevents accidental or malicious deletion of your DynamoDB tables, ensuring data integrity and availability. Without it, your data is at risk.
Validate
How am I sure that this alert is true and accurate?
Check the DeletionProtectionEnabled attribute for the specified DynamoDB table. This policy checks this attribute and triggers a violation if it is false.
What is the data source for this policy? How do I retrieve it manually?
The data source is the DynamoDB table's configuration. You can retrieve it manually using the AWS Management Console or AWS CLI with the describe-table command.
Does this policy scan on a schedule or is it Reactive? If so, when?
This policy is reactive and triggers based on changes to the deletion protection status.
Triage
What is the impact if it is unfixed? Does this problem get worse over time if it is unaddressed?
If unfixed, your DynamoDB table is at risk of accidental or unauthorized deletion, which could lead to data loss and service disruption.
Can remediation cause outages or downtime to any other running service?
No, enabling deletion protection does not cause outages or downtime.
Act
What do I do to fix this alarm?
Enable deletion protection for the DynamoDB table using the AWS Management Console, AWS CLI, or SDK.
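The manual check from the Validate section and the fix above, as an added example that is not part of the original guide. It assumes AWS CLI v2 with credentials and a default region configured; the --audit and --fix switches belong to this script only.

```shell
#!/bin/sh
# Added example (not from the original guide). Assumes AWS CLI v2 with
# credentials and a default region configured.

# Print the value of the attribute the policy evaluates: true, false or null.
deletion_protection_status() {
  aws dynamodb describe-table --table-name "$1" \
    --query 'Table.DeletionProtectionEnabled' --output json
}

# Print every table in the current region whose attribute is not true.
# A missing attribute (null) is reported as a violation as well.
unprotected_tables() {
  for _t in $(aws dynamodb list-tables --query 'TableNames[]' --output text); do
    [ "$(deletion_protection_status "$_t")" = "true" ] || printf '%s\n' "$_t"
  done
}

# Turn deletion protection on and print the value the service reports back.
enable_deletion_protection() {
  aws dynamodb update-table --table-name "$1" --deletion-protection-enabled \
    --query 'TableDescription.DeletionProtectionEnabled' --output json
}

# Usage: script --audit   (list violating tables)
#        script --fix     (enable protection on each violating table)
case "${1:-}" in
  --audit) unprotected_tables ;;
  --fix)
    for _t in $(unprotected_tables); do
      printf '%s -> %s\n' "$_t" "$(enable_deletion_protection "$_t")"
    done ;;
esac
```

Run with --audit first and review the list before using --fix, since the check covers only the region the CLI is currently configured for.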
Reflect
What should I do if this alarm wasn't a good use of time?
Consider adjusting the policy thresholds or disabling the policy if it is not relevant to your use case.