feat: added test for DynamoDB table (#38)

stefanfreitag · Jul 26, 2023 · 6926511 · 6926511
1 parent 4f541ed
commit 6926511
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/docs/features.md b/docs/features.md
@@ -1,5 +1,7 @@
 # Features
 
+## S3 Bucket
+
 - [[S3.2] S3 buckets should prohibit public read access](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-2)
 - [[S3.3] S3 buckets should prohibit public write access](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-3)
 - [[S3.4] S3 buckets should have server-side encryption enabled](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-4)
@@ -8,3 +10,7 @@
 - A lifecycle policy for non-current versions of objects  
   [[S3.10] S3 buckets with versioning enabled should have lifecycle policies configured](https://docs.aws.amazon.com/securityhub/latest/userguide/s3-controls.html#s3-10)
 - Enforcing that the bucket owner owns every object in the bucket.
+
+## DynamoDB Table
+
+- [[DynamoDB.2] DynamoDB tables should have point-in-time recovery enabled](https://docs.aws.amazon.com/securityhub/latest/userguide/dynamodb-controls.html#dynamodb-2)
diff --git a/test/terraformStateBackend.test.ts b/test/terraformStateBackend.test.ts
@@ -222,4 +222,15 @@ describe('DynamoDB Configuration', () => {
       },
     );
   });
+
+  test('[DynamoDB.2] DynamoDB tables should have point-in-time recovery enabled', () => {
+    assertions.Template.fromStack(stack).hasResourceProperties(
+      'AWS::DynamoDB::Table',
+      {
+        PointInTimeRecoverySpecification: {
+          PointInTimeRecoveryEnabled: true,
+        },
+      },
+    );
+  });
 });