
DynamoDB table is encrypted

dynamodb

Description

Implement server-side encryption for your AWS DynamoDB data.

Rationale

Server-side encryption, or encryption at rest, provides an additional layer of data protection by securing your data in an encrypted table. Encryption at rest integrates with AWS Key Management Service (KMS) to manage encryption keys that are used to encrypt these tables.

Remediation

From the console

Follow the Managing Encrypted Tables in DynamoDB tutorial to learn how to create and update a table in the AWS Console.

From the command line

Run create-table with a table configuration to create a new encrypted table. You can create an encrypted table with the default AWS owned CMK, AWS managed CMK, or customer managed CMK. Refer to the AWS documentation for examples of each configuration. For example:

aws dynamodb create-table \
    --table-name your-table \
    ... \
    --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=abcd1234-abcd-1234-a123-ab1234a1b234
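
To confirm the result across a region, the following added example (not part of the original rule page, and not the rule's own detection logic) lists each table and classifies it by the SSEDescription fields that describe-table returns. The verdict names, the function names and the sample rows are constructed for illustration; it assumes a table counts as remediated only when Status is ENABLED or UPDATING with SSEType=KMS, which is what the --sse-specification setting above produces.

```shell
#!/bin/sh
# Added example: report the encryption-at-rest setting of DynamoDB tables.

# classify_sse STATUS SSETYPE -> one-word verdict (names are illustrative).
# Inputs are Table.SSEDescription.Status / .SSEType from describe-table;
# the AWS CLI text output prints "None" for a field that is absent.
classify_sse() {
  case "${1:-None}" in
    ENABLED|UPDATING)
      if [ "${2:-None}" = "KMS" ]; then echo "kms"; else echo "review"; fi ;;
    ENABLING)
      echo "pending" ;;   # KMS encryption requested, not yet active
    None|DISABLED|DISABLING)
      echo "default" ;;   # no KMS key configured: default AWS owned key
    *)
      echo "review" ;;    # unexpected value, inspect by hand
  esac
}

# Read "name status ssetype keyarn" rows on stdin, print "name<TAB>verdict".
classify_rows() {
  while read -r name status ssetype keyarn; do
    [ -n "$name" ] || continue
    printf '%s\t%s\n' "$name" "$(classify_sse "$status" "$ssetype")"
  done
}

# One row per table in region $1 (needs AWS credentials and network access).
fetch_sse_rows() (
  for t in $(aws dynamodb list-tables --region "$1" \
               --query 'TableNames[]' --output text); do
    aws dynamodb describe-table --region "$1" --table-name "$t" --output text \
      --query 'Table.[TableName, SSEDescription.Status, SSEDescription.SSEType, SSEDescription.KMSMasterKeyArn]'
  done
)

# Constructed rows in the same shape, for trying the classifier offline.
sample_rows() {
  printf 'orders\tENABLED\tKMS\tarn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID\n'
  printf 'sessions\tNone\tNone\tNone\n'
  printf 'audit-log\tENABLING\tKMS\tarn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID\n'
}

# Usage: sh check.sh --sample   |   sh check.sh us-east-1
case "${1:-}" in
  "")       ;;
  --sample) sample_rows | classify_rows ;;
  *)        fetch_sse_rows "$1" | classify_rows ;;
esac
```

Tables reported as "default" have no KMS key configured and are the ones to update with the --sse-specification setting shown above.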