DynamoDB table is encrypted

dynamodb

Classification:

compliance

Description

Implement server-side encryption for your AWS DynamoDB data.

Rationale

Server-side encryption, or encryption at rest, provides an additional layer of data protection by securing your data in an encrypted table. Encryption at rest integrates with AWS Key Management Service (KMS) to manage encryption keys that are used to encrypt these tables.

Remediation

Console

Follow the Managing Encrypted Tables in DynamoDB tutorial to learn how to create and update a table in the AWS Console.

CLI

Run create-table with a table configuration to create a new encrypted table. You can create an encrypted table with the default AWS owned CMK, AWS managed CMK, or customer managed CMK. Refer to the AWS documentation for examples of each configuration. For example:

create-table.sh

    # "..." stands for the remaining create-table options, omitted here.
    aws dynamodb create-table \
      --table-name your-table \
      ... \
      --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=abcd1234-abcd-1234-a123-ab1234a1b234
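
To confirm the remediation took effect, the check below classifies the SSEDescription block returned by aws dynamodb describe-table for each table. It is an added example, not part of the original rule or of the vendor's detection logic; the sample responses, the account ID, the approved-key set and the finding labels are constructed for illustration.

```python
import json

# Constructed sample: trimmed `aws dynamodb describe-table` responses (not real tables).
SAMPLE_TABLES = json.loads("""
[
  {"Table": {"TableName": "orders", "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
     "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/abcd1234-abcd-1234-a123-ab1234a1b234"}}},
  {"Table": {"TableName": "sessions"}},
  {"Table": {"TableName": "audit", "SSEDescription": {"Status": "UPDATING", "SSEType": "KMS",
     "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/abcd1234-abcd-1234-a123-ab1234a1b234"}}},
  {"Table": {"TableName": "legacy", "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
     "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"}}}
]
""")

APPROVED_KEY_IDS = {"abcd1234-abcd-1234-a123-ab1234a1b234"}  # placeholder key ID from the CLI example


def classify_sse(described, approved_key_ids):
    """Return (table_name, finding) for one describe-table response."""
    table = described["Table"]
    name = table["TableName"]
    sse = table.get("SSEDescription")
    if not sse:
        # No SSEDescription: the table uses the default AWS owned key, not a KMS key in the account.
        return name, "aws-owned-key"
    status = sse.get("Status")
    if sse.get("SSEType") != "KMS" or status != "ENABLED":
        return name, f"kms-not-active:{status}"
    key_id = sse.get("KMSMasterKeyArn", "").rsplit("/", 1)[-1]
    if key_id not in approved_key_ids:
        return name, f"kms-unapproved-key:{key_id}"
    return name, "kms-approved-key"


def audit(tables, approved_key_ids):
    """Map table name -> finding for a list of describe-table responses."""
    return dict(classify_sse(t, approved_key_ids) for t in tables)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_TABLES, APPROVED_KEY_IDS).items():
        print(f"{name:10} {finding}")
```

The key ARN alone does not distinguish an AWS managed CMK from a customer managed CMK, so the check compares against an explicit set of approved key IDs instead.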