Ensure that your AWS DynamoDB data at rest (tables, local secondary indexes, global secondary indexes and backups) is encrypted using Server-Side Encryption (SSE). The encryption process is using AWS-managed keys stored in AWS Key Management Service (KMS), adds no storage overhead and is completely transparent – you can insert, query, scan and delete items as before.
When Server-Side Encryption (also known as encryption at rest) is enabled for your Amazon DynamoDB tables, you can effortlessly use the service for security-sensitive applications with strict encryption compliance and regulatory requirements. Note: As of February 2018, Server-Side Encryption for DynamoDB is generally available in US East (N. Virginia), US East (Ohio), US West (Oregon) and EU (Ireland) at no extra cost (only AWS KMS encryption key usage charges apply).
To determine if encryption at rest is enabled for your Amazon DynamoDB tables, perform the following actions:
To make use of Server-Side Encryption (SSE) feature for your new Amazon DynamoDB tables, perform the following actions: