Ensure DynamoDB Table Encryption Rule

This rule ensures that DynamoDB tables have encryption enabled.

Rule: DynamoDB table should have encryption enabled
Framework: HIPAA
Severity: Low

DynamoDB Table encryption for HIPAA Compliance

Rule Description

To ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA), encryption should be enabled for all data stored in the DynamoDB table. Encryption provides an additional layer of security to protect sensitive data and prevent unauthorized access or disclosure.

Troubleshooting Steps

If encryption is not enabled for the DynamoDB table, follow these troubleshooting steps to enable it:

  1. Check the table's encryption status by accessing the DynamoDB console or using the AWS CLI.
  2. Ensure that the IAM user or role used to access the DynamoDB table has the necessary permissions to enable encryption.
  3. Verify that the necessary encryption keys have been created or imported in AWS Key Management Service (KMS) for use with DynamoDB.

Necessary Code

If encryption is not enabled for the DynamoDB table, use the following code to enable encryption:

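import boto3

# Client uses the default credential chain and configured region.
dynamodb_client = boto3.client('dynamodb')

# Set the table's server-side encryption to the given KMS key.
response = dynamodb_client.update_table(
    TableName='your_table_name',
    SSESpecification={
        'Enabled': True,
        'SSEType': 'KMS',
        'KMSMasterKeyId': 'your_kms_key_id'
    }
)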

Replace 'your_table_name' with the actual name of your DynamoDB table and 'your_kms_key_id' with the ID of the KMS key you want to use for encryption.

Step-by-Step Guide for Remediation

Follow the step-by-step guide below to enable encryption for the DynamoDB table:

  1. Open the DynamoDB console: https://console.aws.amazon.com/dynamodb
  2. Navigate to the desired DynamoDB table.
  3. Click on the "Actions" dropdown menu and select "Manage SSE".
  4. In the "Server-side encryption" section, click on the "Edit" button.
  5. Select "Enable encryption".
  6. Choose "KMS" as the encryption type.
  7. Choose or enter the KMS Key ID you want to use for encryption.
  8. Click on the "Save Changes" button to enable encryption for the DynamoDB table.

Alternatively, you can use the AWS CLI to enable encryption:

  1. Open the AWS CLI or terminal.
  2. Run the following command, replacing 'your_table_name' with the actual name of your DynamoDB table and 'your_kms_key_id' with the ID of the KMS key you want to use for encryption:

    aws dynamodb update-table \
        --table-name your_table_name \
        --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=your_kms_key_id

  3. Verify the encryption status of the table by running the following command:

    aws dynamodb describe-table --table-name your_table_name --query "Table.SSEDescription.Status"

The output should indicate that the encryption status is "ENABLED".
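The same verification applied to every table instead of one, as an added example that is not part of the original page. It reads the SSEDescription block that describe-table returns and treats a table as passing only when the status is ENABLED with type KMS, matching the remediation above. The function names, the optional required_key_arn parameter, the sample tables and the key ARN are assumptions constructed for illustration.

```python
# Added example, not the page's own code: evaluate the rule for every table.

def classify_sse(table, required_key_arn=None):
    """Verdict for one describe_table()['Table'] dict."""
    sse = table.get("SSEDescription")
    if not sse:
        # describe_table omits SSEDescription when no KMS key is set on the
        # table, so the CLI query shown on the page prints null here.
        return "FAIL", "no SSEDescription"
    status, sse_type = sse.get("Status"), sse.get("SSEType")
    if status in ("ENABLING", "UPDATING"):
        return "PENDING", f"status {status}"
    if status != "ENABLED" or sse_type != "KMS":
        return "FAIL", f"status {status}, type {sse_type}"
    if sse.get("InaccessibleEncryptionDateTime"):
        return "FAIL", "KMS key inaccessible to DynamoDB"
    key_arn = sse.get("KMSMasterKeyArn", "")
    if required_key_arn and key_arn != required_key_arn:
        return "FAIL", f"unexpected key {key_arn}"
    return "PASS", key_arn


def audit_tables(client, required_key_arn=None):
    """Classify every table; follows list_tables pagination."""
    results, kwargs = {}, {}
    while True:
        page = client.list_tables(**kwargs)
        for name in page.get("TableNames", []):
            table = client.describe_table(TableName=name)["Table"]
            results[name] = classify_sse(table, required_key_arn)
        last = page.get("LastEvaluatedTableName")
        if not last:
            return results
        kwargs = {"ExclusiveStartTableName": last}


# Constructed describe_table fragments (placeholder account ID and key ID).
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLES = {
    "patients": {"SSEDescription": {"Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY}},
    "sessions": {},
    "claims": {"SSEDescription": {"Status": "UPDATING", "SSEType": "KMS", "KMSMasterKeyArn": KEY}},
}

if __name__ == "__main__":
    for name, table in SAMPLES.items():
        print(name, *classify_sse(table, required_key_arn=KEY))
    # Live use: import boto3; audit_tables(boto3.client("dynamodb"), KEY)
```

Against a real account, pass `boto3.client("dynamodb")` to `audit_tables`; the caller needs `dynamodb:ListTables` and `dynamodb:DescribeTable`.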

By following these steps, you can enable encryption for the DynamoDB table to ensure HIPAA compliance and protect sensitive data.
