Rule: DynamoDB Table Encryption Enabled

Ensure encryption is enabled for DynamoDB tables for improved security

Rule: DynamoDB table should have encryption enabled
Framework: General Data Protection Regulation (GDPR)
Severity: Low

Rule Description

To comply with the General Data Protection Regulation (GDPR), DynamoDB tables should have encryption enabled. Encryption ensures that data stored in the DynamoDB table is protected from unauthorized access and helps to maintain the privacy and confidentiality of the stored data.

Troubleshooting Steps

If encryption is not enabled for the DynamoDB table, follow these troubleshooting steps to enable it:

  1. Check the encryption status of the table by navigating to the DynamoDB console.

  2. If encryption is not enabled, identify the Key Management Service (KMS) key that will be used for encryption. Ensure that the KMS key is set up and accessible by the DynamoDB service.

  3. Enable encryption for the DynamoDB table using the appropriate API or CLI command (detailed steps provided below).

  4. Verify the encryption status of the table to ensure that it has been successfully enabled.

Necessary Code

The following CLI command can be used to enable encryption for a DynamoDB table:

aws dynamodb update-table --table-name <table-name> --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=<kms-key-id>

Replace <table-name> with the actual name of the DynamoDB table and <kms-key-id> with the ARN or alias of the KMS key you want to use for encryption.
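
The status check and the final verification in the troubleshooting steps can also be done from the output of `aws dynamodb describe-table --table-name <table-name>` instead of the console. The following is an added example, not Cloud Defense's code: the sample responses, the key ARN and the verdict names are constructed for illustration. It relies on DynamoDB omitting `SSEDescription` when a table still uses the default AWS owned key, and on `update-table` being asynchronous.

```python
import json

# Constructed `aws dynamodb describe-table` responses (not from a real account).
KEY_ARN = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"  # placeholder
SAMPLES = {
    "orders": {"Table": {"TableName": "orders"}},
    "users": {"Table": {"TableName": "users", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY_ARN}}},
    "audit": {"Table": {"TableName": "audit", "SSEDescription": {
        "Status": "UPDATING", "SSEType": "KMS", "KMSMasterKeyArn": KEY_ARN}}},
}


def sse_verdict(describe_table_json, expected_key_arn=None):
    """Classify one describe-table response; returns (verdict, detail)."""
    table = json.loads(describe_table_json)["Table"]
    sse = table.get("SSEDescription")
    if sse is None:
        # DynamoDB omits SSEDescription when the table uses the default
        # AWS owned key, so no KMS key has been assigned to the table yet.
        return ("NO_KMS_KEY", "SSEDescription absent")
    status = sse.get("Status", "")
    if status in ("ENABLING", "UPDATING"):
        # update-table is asynchronous; re-run the check once it settles.
        return ("PENDING", status)
    if status != "ENABLED" or sse.get("SSEType") != "KMS":
        return ("FAIL", f"Status={status} SSEType={sse.get('SSEType')}")
    arn = sse.get("KMSMasterKeyArn", "")
    if expected_key_arn and arn != expected_key_arn:
        # Encrypted with KMS, but not with the key chosen for this table.
        return ("WRONG_KEY", arn)
    return ("PASS", arn)


def audit(samples, expected_key_arn=None):
    """Map table name -> verdict for a dict of parsed responses."""
    return {name: sse_verdict(json.dumps(doc), expected_key_arn)[0]
            for name, doc in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit(SAMPLES, KEY_ARN).items():
        print(f"{name}: {verdict}")
```

`describe-table` reports the key as an ARN, so pass the key's ARN rather than an alias as `expected_key_arn`.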

Step-by-Step Guide for Remediation

Follow these step-by-step instructions to enable encryption for a DynamoDB table:

  1. Open the AWS Management Console and navigate to the DynamoDB service.

  2. In the DynamoDB console, select the desired table for encryption.

  3. Click on the "Actions" dropdown menu and select "Manage KMS Keys".

  4. Choose the appropriate KMS key that will be used for encryption. If no key exists, create a new KMS key and make sure it is accessible by the DynamoDB service.

  5. Go back to the table details page and click on the "Actions" dropdown menu again.

  6. Select "Manage Encryption" to open the encryption settings for the table.

  7. Ensure that the "Enable encryption" option is selected.

  8. Choose the KMS key you selected or created in the previous step from the "KMS key" dropdown menu.

  9. Click on the "Save" button to enable encryption for the DynamoDB table.

  10. Verify the encryption status of the table by checking the "Encryption" field in the DynamoDB console. It should now show as enabled.

By following these steps, you have successfully enabled encryption for the DynamoDB table, ensuring compliance with the GDPR requirements.
