Rule: DynamoDB Table Encrypted with AWS KMS

This rule ensures that DynamoDB tables are encrypted at rest with AWS KMS.

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description

To comply with the NIST (National Institute of Standards and Technology) 800-53 Revision 5 security requirements, DynamoDB tables should be encrypted using AWS KMS (Key Management Service). Encryption ensures that data-at-rest in DynamoDB is safeguarded from unauthorized access or potential data breaches.

Troubleshooting Steps

If the DynamoDB table is not encrypted with AWS KMS, the following troubleshooting steps can be followed:

  1. Verify AWS KMS Encryption: Check if AWS KMS encryption is enabled for the DynamoDB table.
  2. Identify Encryption Key: Ensure that the correct AWS KMS encryption key is being used for the DynamoDB table.
  3. Verify IAM Permissions: Verify that the IAM (Identity and Access Management) policies for the relevant IAM roles provide the necessary permissions to encrypt the DynamoDB table using AWS KMS.
  4. Check for Encryption Errors: Review the AWS CloudTrail logs or Amazon CloudWatch logs for any encryption-related errors or warnings that could indicate issues with encryption.
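
Steps 1 and 2 above can be checked from the SSEDescription block that the DynamoDB DescribeTable API returns for each table. The following Python code is an added example, not part of the original rule page or CloudDefense's own code; it assumes the rule passes only when SSEType is "KMS" and Status is "ENABLED", and the function names, sample responses and key ARN are constructed for illustration.

```python
# Added example, not CloudDefense code. Assumption: the rule passes only when
# SSEType is "KMS" and Status is "ENABLED" in the DescribeTable response.

def classify_table(table):
    """Return (verdict, reason) for the 'Table' dict of a DescribeTable response."""
    name = table.get("TableName", "<unknown>")
    sse = table.get("SSEDescription")
    if not sse:
        # DescribeTable omits SSEDescription when the default AWS owned key is in use.
        return ("FAIL", f"{name}: default AWS owned key, no KMS key set")
    if sse.get("SSEType") != "KMS":
        return ("FAIL", f"{name}: SSEType is {sse.get('SSEType')!r}, not 'KMS'")
    key = sse.get("KMSMasterKeyArn", "<no key ARN returned>")
    if "InaccessibleEncryptionDateTime" in sse:
        # DynamoDB lost access to the key: check the key state, key policy and grants.
        return ("FAIL", f"{name}: DynamoDB cannot access {key}")
    status = sse.get("Status")
    if status in ("ENABLING", "UPDATING"):
        return ("PENDING", f"{name}: encryption change in progress ({status})")
    if status != "ENABLED":
        return ("FAIL", f"{name}: SSE status is {status}")
    return ("PASS", f"{name}: encrypted with {key}")


def audit_account(client):
    """Classify every table a boto3 DynamoDB client can list and describe."""
    results = []
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            table = client.describe_table(TableName=name)["Table"]
            results.append(classify_table(table))
    return results


# Constructed sample responses (account ID, key ID and table names are made up).
KEY = "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"
SAMPLES = [
    {"TableName": "orders"},
    {"TableName": "sessions",
     "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY}},
    {"TableName": "audit",
     "SSEDescription": {"Status": "UPDATING", "SSEType": "KMS", "KMSMasterKeyArn": KEY}},
    {"TableName": "ledger",
     "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY,
                        "InaccessibleEncryptionDateTime": "2024-01-01T00:00:00Z"}},
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(*classify_table(sample), sep="  ")
```

audit_account expects a boto3 DynamoDB client, for example boto3.client("dynamodb"), whose credentials allow ListTables and DescribeTable.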

Necessary Codes

No specific codes are required for this rule. However, appropriate IAM policies need to be created to allow encryption operations using AWS KMS.

Step-by-Step Guide for Remediation

Follow the steps below to ensure DynamoDB tables are encrypted with AWS KMS:

  1. Log in to the AWS Management Console.
  2. Navigate to the DynamoDB service.
  3. Select the desired DynamoDB table that needs to be encrypted.
  4. Click on the "Encryption" tab.
  5. Ensure that the "Encryption at rest" option is enabled.
  6. Select the appropriate AWS KMS key for encryption.
  7. Save the configuration to enable encryption for the DynamoDB table.

Additional Considerations

  • Regularly review and audit encryption settings for DynamoDB tables to ensure compliance with security requirements.
  • Ensure that appropriate IAM roles and permissions are in place to allow encryption operations.
  • Keep track of any changes made to encryption settings and monitor CloudTrail logs for any anomalies or unauthorized modifications.
