aws-ia / terraform-aws-control_tower_account_factory

AWS Control Tower Account Factory
Apache License 2.0

[DynamoDB.2] DynamoDB tables should have point-in-time recovery enabled - Terraform Resource aws_dynamodb_table - lock-table #364

Open drarnold opened 1 year ago

drarnold commented 1 year ago

Describe the outcome you'd like

We would like the DynamoDB Table (specifically the lock-table resource) to have point_in_time_recovery enabled. This will allow us to initially pass the AWS SecurityHub - AWS Foundational Security Best Practices v1.0.0 - [DynamoDB.2] DynamoDB tables should have point-in-time recovery enabled Control.

Is your feature request related to a problem you are currently experiencing? If so, please describe.

Yes, this is currently a feature that I am experiencing with my account. We deployed the AWS Control Tower Account Factory solution within our main AWS account and noticed that the initial finding of DynamoDB.2 was present within the AWS Foundational Security Best Practices v1.0.0 ruleset. This can be solved by enabling the point_in_time_recovery variable within the Terraform code to allow this during initial deployment.

Additional context

N/A

drarnold commented 1 year ago

Currently located here within the codebase: https://github.com/aws-ia/terraform-aws-control_tower_account_factory/blob/main/modules/aft-backend/main.tf#L261
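As an added illustration (not the AFT module's own code), here is the lock-table resource written first the way Security Hub DynamoDB.2 flags it, then with point_in_time_recovery enabled; the table names, hash key and billing mode are assumptions, not taken from the module.

```hcl
# Added example, not code from aws-ia/terraform-aws-control_tower_account_factory.
# Names, hash key and billing mode below are assumed for illustration.

variable "enable_point_in_time_recovery" {
  description = "Enable PITR on the lock table (DynamoDB.2 expects true)"
  type        = bool
  default     = true
}

# Before: no point_in_time_recovery block, so PITR stays at its default
# (disabled) and Security Hub reports the table as a failed DynamoDB.2 finding.
resource "aws_dynamodb_table" "lock_table_before" {
  name         = "aft-lock-table-before" # constructed name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }
}

# After: PITR enabled. The aws provider applies this as an in-place update
# of the table's continuous-backups setting, not as a table replacement,
# so adding the block to an existing lock table does not recreate it.
resource "aws_dynamodb_table" "lock-table" {
  name         = "aft-lock-table" # constructed name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"

  attribute {
    name = "LockID"
    type = "S"
  }

  point_in_time_recovery {
    enabled = var.enable_point_in_time_recovery
  }
}
```

After `terraform apply`, `aws dynamodb describe-continuous-backups --table-name aft-lock-table` should show `PointInTimeRecoveryStatus: ENABLED`, which is the state the DynamoDB.2 control checks.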