AWS086 - Point in time recovery should be enabled to protect DynamoDB table

Explanation

DynamoDB tables should be protected against accidental or malicious write/delete actions by ensuring that there is adequate protection.

By enabling point-in-time recovery, you can restore the table to a known point in time in the event of data loss.

Insecure Example

The following example will fail the AWS086 check.

resource "aws_dynamodb_table" "bad_example" {
  name             = "example"
  hash_key         = "TestTableHashKey"
  billing_mode     = "PAY_PER_REQUEST"
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"

  attribute {
    name = "TestTableHashKey"
    type = "S"
  }
}

Secure Example

The following example will pass the AWS086 check.

resource "aws_dynamodb_table" "good_example" {
  name             = "example"
  hash_key         = "TestTableHashKey"
  billing_mode     = "PAY_PER_REQUEST"
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"

  attribute {
    name = "TestTableHashKey"
    type = "S"
  }

  point_in_time_recovery {
    enabled = true
  }
}