Using Amazon Backup with DynamoDB - Amazon DynamoDB
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Using Amazon Backup with DynamoDB

Amazon DynamoDB can help you meet regulatory compliance and business continuity requirements through enhanced backup features in Amazon Backup. Amazon Backup is a fully managed data protection service that makes it easy to centralize and automate backups across Amazon services, in the cloud, and on premises. Using this service, you can configure backup policies and monitor activity for your Amazon resources in one place. To use Amazon Backup, you must affirmatively opt-in. Opt-in choices apply to the specific account and Amazon Region, so you might have to opt in to multiple Regions using the same account. For more information, see the Amazon Backup Developer Guide.

Amazon DynamoDB is natively integrated with Amazon Backup. You can use Amazon Backup to schedule, copy, tag and life cycle your DynamoDB on-demand backups automatically. You can continue to view and restore these backups from the DynamoDB console. You can use the DynamoDB console, API, and Amazon Command Line Interface (Amazon CLI) to enable automatic backups for your DynamoDB tables.

Note

Any backups made through DynamoDB will remain unchanged. You will still be able to create backups through the current DynamoDB workflow.

Enhanced backup features available through Amazon Backup include:

Scheduled backups - You can set up regularly scheduled backups of your DynamoDB tables using backup plans.

Cross-account and cross-Region copying - You can automatically copy your backups to another backup vault in a different Amazon Region or account, which allows you to support your data protection requirements.

Cold storage tiering - You can configure your backups to implement life cycle rules to delete or transition backups to colder storage. This can help you optimize your backup costs.

Tags - You can automatically tag your backups for billing and cost allocation purposes.

Encryption – DynamoDB on-demand backups managed through Amazon Backup are now stored in the Amazon Backup vault. This allows you to encrypt and secure your backups by using an Amazon KMS key that is independent from your DynamoDB table encryption key.

Audit backups – You can use Amazon Backup Audit Manager to audit the compliance of your Amazon Backup policies and to find backup activity and resources that are not yet compliant with the controls that you defined. You can also use it to automatically generate an audit trail of daily and on-demand reports for your backup governance purposes.

Secure backups using the WORM model – You can use Amazon Backup Vault Lock to enable a write-once-read-many (WORM) setting for your backups. With Amazon Backup Vault Lock, you can add an additional layer of defense that protects backups from inadvertent or malicious delete operations, changes to backup retention periods, and updates to lifecycle settings. To learn more, see Amazon Backup Vault Lock.

These enhanced backup features are available in all Amazon Regions. To learn more about these features, see the Amazon Backup Developer Guide.