Rule: DynamoDB Table Encrypted with AWS KMS

This rule ensures that DynamoDB tables are encrypted using AWS KMS for enhanced security.

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: HIPAA
Severity: Medium

Rule Description: DynamoDB table encryption with AWS Key Management Service (KMS) for HIPAA compliance.

To comply with HIPAA regulations, DynamoDB tables should be encrypted with AWS Key Management Service (KMS). This helps protect sensitive healthcare data stored in the DynamoDB table, ensuring data confidentiality and integrity.

Troubleshooting Steps (if any):

If the DynamoDB table is not encrypted with AWS KMS, follow the steps below to troubleshoot and resolve the issue:

  1. Check the encryption status of the DynamoDB table. Ensure that encryption is enabled.
  2. Verify the AWS KMS key used for encryption. Make sure the key is properly configured and accessible.
  3. Check the IAM policies and permissions associated with the DynamoDB table. The appropriate IAM role should have permissions to access the AWS KMS key.
  4. Ensure that the AWS KMS key has the necessary permissions to encrypt/decrypt data in the DynamoDB table.
  5. If the issue persists, it is recommended to contact AWS Support for further assistance.
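
One way to automate steps 1 and 2, as an added example that is not part of the original page: the function below evaluates the JSON returned by `aws dynamodb describe-table` for each table. The sample responses, table names and key ARN are constructed, and it assumes a table on the default AWS owned key returns no `SSEDescription` block.

```python
import json

# Constructed, trimmed `aws dynamodb describe-table` responses (not real tables or keys).
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLES = json.loads("""[
 {"Table": {"TableName": "patients",
            "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": "%(k)s"}}},
 {"Table": {"TableName": "sessions"}},
 {"Table": {"TableName": "claims",
            "SSEDescription": {"Status": "UPDATING", "SSEType": "KMS", "KMSMasterKeyArn": "%(k)s"}}},
 {"Table": {"TableName": "labs",
            "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": "%(k)s",
                               "InaccessibleEncryptionDateTime": "2024-01-01T00:00:00Z"}}}
]""" % {"k": KEY})


def evaluate_table(describe_output):
    """Return (table_name, verdict, detail) for one describe-table response."""
    table = describe_output["Table"]
    name = table["TableName"]
    sse = table.get("SSEDescription")
    if not sse:
        # Assumption: no SSEDescription means the default AWS owned key, not KMS.
        return name, "FAIL", "no SSEDescription (AWS owned key)"
    if sse.get("SSEType") != "KMS":
        return name, "FAIL", f"SSEType={sse.get('SSEType')}"
    if "InaccessibleEncryptionDateTime" in sse:
        # DynamoDB sets this field when it can no longer use the table's KMS key.
        return name, "FAIL", f"KMS key inaccessible since {sse['InaccessibleEncryptionDateTime']}"
    status = sse.get("Status")
    if status in ("ENABLING", "UPDATING"):
        # The encryption change is still being applied; re-check later.
        return name, "PENDING", f"Status={status}"
    if status != "ENABLED":
        return name, "FAIL", f"Status={status}"
    return name, "PASS", sse.get("KMSMasterKeyArn", "")


def audit(outputs):
    """Evaluate a list of describe-table responses."""
    return [evaluate_table(o) for o in outputs]


if __name__ == "__main__":
    for name, verdict, detail in audit(SAMPLES):
        print(f"{verdict:8}{name:10}{detail}")
```

A `PENDING` result corresponds to a table whose encryption change has been requested but has not finished applying.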

Necessary Codes (if any):

There are no specific codes required for this rule. Encryption of DynamoDB tables with AWS KMS can be configured through the AWS Management Console or via AWS CLI.

Step-by-Step Guide for Remediation:

Follow the steps below to encrypt a DynamoDB table with AWS KMS:

  1. Open the AWS Management Console and navigate to the DynamoDB service.
  2. From the left sidebar, click on "Tables" to view all existing DynamoDB tables.
  3. Select the desired table that needs to be encrypted.
  4. Click on the "Encryption" tab in the table details view.
  5. Choose "AWS Key Management Service (KMS)" as the encryption type.
  6. Select an existing AWS KMS key or create a new one.
  7. Configure the necessary encryption settings according to your requirements.
  8. Click on the "Save" button to enable encryption for the DynamoDB table.
  9. Wait for the encryption process to complete. This may take some time, depending on the size of the table.
  10. Once the encryption is enabled, the DynamoDB table will be encrypted with AWS KMS, ensuring compliance with HIPAA regulations.

Please note that DynamoDB encryption with AWS KMS incurs additional costs associated with the AWS KMS key usage. Make sure to review the pricing details before enabling encryption.

For command-line interface (CLI) users, the encryption can also be enabled using AWS CLI commands. The following is an example command:

aws dynamodb update-table --table-name <table-name> --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=<kms-key-id>

Replace <table-name> with the name of the DynamoDB table and <kms-key-id> with the ARN or alias of the AWS KMS key to be used for encryption.

By following these steps, you can ensure that your DynamoDB table is encrypted with AWS KMS, meeting the HIPAA compliance requirements for data protection.
