AWS-DynamoDB-DynamoDB-KMS-Encryption

Severity: High

Description: This control ensures that DynamoDB tables are encrypted using a KMS customer managed key. Amazon DynamoDB is a key-value and document database that delivers single-digit millisecond performance at any scale. DynamoDB provides encryption at rest through DEFAULT (DynamoDB managed key), KMS (Customer managed CMK), and KMS (AWS managed CMK).

Remediation Steps:

Perform the following steps to configure DynamoDB encryption with KMS:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com

  2. Navigate to the DynamoDB console.

  3. In the navigation pane on the left side of the console, choose Tables.

  4. Choose the Table you want to update the encryption for.

  5. In the Overview panel that appears on the right, in the Table details section, click other settings and find the Encryption info property.

  6. Click Manage Encryption.

  7. In the Manage Encryption window, select the KMS - Customer managed CMK option and choose your KMS key from the dropdown.

  8. Click Save.
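
A programmatic check for this control, added here as an example and not part of the original control text: it classifies each table into the three encryption options named in the description and reports those that are not on a customer managed key. The function names and sample data are hypothetical and constructed; the logic assumes the `SSEDescription` block of DynamoDB `DescribeTable` and the `KeyManager` field of KMS `DescribeKey`.

```python
# Added example: audit DynamoDB tables for customer managed KMS encryption.
# Table descriptions below are constructed samples shaped like the "Table"
# object returned by DynamoDB DescribeTable; ARNs and key IDs are made up.

def classify_table_encryption(table, key_manager_of):
    """Return 'DEFAULT', 'KMS_AWS_MANAGED' or 'KMS_CUSTOMER_MANAGED'.

    key_manager_of maps a key ARN to KMS KeyMetadata.KeyManager
    ('AWS' or 'CUSTOMER'), e.g. via kms.describe_key.
    """
    sse = table.get("SSEDescription") or {}
    arn = sse.get("KMSMasterKeyArn")
    # A table on the default DynamoDB key carries no KMS SSEDescription.
    if sse.get("SSEType") != "KMS" or not arn:
        return "DEFAULT"
    if key_manager_of(arn) == "CUSTOMER":
        return "KMS_CUSTOMER_MANAGED"
    return "KMS_AWS_MANAGED"

def audit_tables(tables, key_manager_of):
    """Return (table name, mode, SSE status) for every table failing the control."""
    findings = []
    for table in tables:
        mode = classify_table_encryption(table, key_manager_of)
        status = (table.get("SSEDescription") or {}).get("Status", "n/a")
        if mode != "KMS_CUSTOMER_MANAGED" or status != "ENABLED":
            findings.append((table["TableName"], mode, status))
    return findings

def live_key_manager(arn):
    """Real lookup; assumes boto3 is installed and credentials are configured."""
    import boto3
    return boto3.client("kms").describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]

# Constructed sample data (hypothetical account, tables and keys).
AWS_KEY = "arn:aws:kms:us-east-1:111122223333:key/00000000-aaaa-aaaa-aaaa-000000000001"
CMK_KEY = "arn:aws:kms:us-east-1:111122223333:key/00000000-bbbb-bbbb-bbbb-000000000002"
SAMPLE_KEY_MANAGERS = {AWS_KEY: "AWS", CMK_KEY: "CUSTOMER"}
SAMPLE_TABLES = [
    {"TableName": "orders"},  # no SSEDescription: default key
    {"TableName": "sessions", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": AWS_KEY}},
    {"TableName": "payments", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": CMK_KEY}},
]

if __name__ == "__main__":
    for name, mode, status in audit_tables(SAMPLE_TABLES, SAMPLE_KEY_MANAGERS.get):
        print(f"NON-COMPLIANT {name}: encryption={mode} sse_status={status}")
```

To audit a real account, pass `live_key_manager` as the lookup and feed in the `Table` dictionaries returned by `describe_table` for each table name.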

Important:

 

Reference:

Blue Hexagon Proprietary