Ensure that your AWS DynamoDB data at rest (tables, local secondary indexes, global secondary indexes and backups) is encrypted using Server-Side Encryption (SSE). The encryption process uses AWS-managed keys stored in AWS Key Management Service (KMS), adds no storage overhead and is completely transparent: you can insert, query, scan and delete items as before.
When Server-Side Encryption (also known as encryption at rest) is enabled for your Amazon DynamoDB tables, you can use the service for security-sensitive applications with strict encryption compliance and regulatory requirements.
Note: As of February 2018, Server-Side Encryption for DynamoDB is generally available in US East (N. Virginia), US East (Ohio), US West (Oregon) and EU (Ireland) at no extra cost (only AWS KMS encryption key usage charges apply).
To determine if encryption at rest is enabled for your Amazon DynamoDB tables, perform the following actions:
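One way to script this check, as an added example that is not part of the original page: it reads the `SSEDescription` block that the DynamoDB `DescribeTable` API returns and flags every table whose status is not `ENABLED`. The sample responses, table names and key ARN are constructed placeholders, and treating a missing `SSEDescription` as a finding is an assumption that follows this page's rule.

```python
"""Audit DynamoDB tables for Server-Side Encryption via DescribeTable output."""

# Constructed DescribeTable responses (table names and key ARN are placeholders).
SAMPLE_RESPONSES = [
    {"Table": {"TableName": "orders", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS",
        "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"}}},
    {"Table": {"TableName": "sessions"}},  # no SSEDescription returned
    {"Table": {"TableName": "audit-log", "SSEDescription": {
        "Status": "ENABLING", "SSEType": "KMS"}}},
]


def sse_finding(response):
    """Classify one DescribeTable response by its Table.SSEDescription."""
    table = response["Table"]
    sse = table.get("SSEDescription") or {}
    status = sse.get("Status", "NOT_REPORTED")
    return {
        "table": table["TableName"],
        "status": status,
        "sse_type": sse.get("SSEType"),
        "kms_key_arn": sse.get("KMSMasterKeyArn"),
        # Set by DynamoDB when the table's KMS key could not be accessed.
        "key_inaccessible": "InaccessibleEncryptionDateTime" in sse,
        # Assumption: only a settled ENABLED status passes; any other status
        # and a missing SSEDescription are flagged for follow-up.
        "compliant": status == "ENABLED",
    }


def non_compliant(findings):
    """Return the names of tables that did not pass the check."""
    return [f["table"] for f in findings if not f["compliant"]]


def audit_region(region_name):
    """Run the check on every table in one region (needs boto3 and credentials)."""
    import boto3  # imported lazily so the offline sample below runs without it
    client = boto3.client("dynamodb", region_name=region_name)
    findings = []
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            findings.append(sse_finding(client.describe_table(TableName=name)))
    return findings


if __name__ == "__main__":
    for finding in map(sse_finding, SAMPLE_RESPONSES):
        print(finding)
```

`audit_region` only needs the `dynamodb:ListTables` and `dynamodb:DescribeTable` permissions, so it can run under a read-only audit role.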
Remediation / Resolution
To use the Server-Side Encryption (SSE) feature for your new Amazon DynamoDB tables, perform the following actions:
You are auditing:
DynamoDB Server-Side Encryption
Risk level: High