
Ensure DynamoDB Table Encryption with AWS KMS Rule

This rule checks if the DynamoDB table is properly encrypted using AWS KMS.

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description: DynamoDB table should be encrypted with AWS KMS for NIST 800-53 Revision 5

This rule enforces that all DynamoDB tables within an AWS account must be encrypted using AWS Key Management Service (AWS KMS) with compliance to NIST 800-53 Revision 5 security standards. DynamoDB is a fully managed NoSQL database service provided by AWS. By encrypting DynamoDB tables with AWS KMS, data at rest is protected against unauthorized access and meets the required security controls defined by NIST 800-53 Revision 5.

Troubleshooting Steps:

If a DynamoDB table is not encrypted with AWS KMS, you can follow these troubleshooting steps to ensure encryption compliance:

  1. Verify Encryption Status: Check the encryption status of the DynamoDB table in question. You can do this by going to the DynamoDB console, selecting the table, and looking for the encryption attribute.

  2. Enable Encryption with AWS KMS: If encryption is not enabled, configure encryption with AWS KMS by taking the following steps:

    • Go to the AWS KMS console.
    • Create an encryption key or use an existing key that complies with NIST 800-53 Revision 5.
    • Go back to the DynamoDB console.
    • Select the table that needs to be encrypted.
    • Click on "Manage" near the "Encryption" attribute.
    • Choose the AWS KMS encryption key you created or select an appropriate key.
    • Enable encryption for the table.

  3. Verify Compliance: After enabling encryption, verify that the DynamoDB table is now encrypted with AWS KMS. You should see the encryption attribute reflecting the updated status.

Necessary Code:

The following AWS Command Line Interface (CLI) command can be used to enable encryption for a DynamoDB table using AWS KMS:

aws dynamodb update-table \
  --table-name <table-name> \
  --sse-specification Enabled=true,KMSMasterKeyId=<kms-key-id>

Replace <table-name> with the actual name of the DynamoDB table and <kms-key-id> with the ID of the AWS KMS key to be used for encryption.
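The verification steps above and the CLI command can be exercised programmatically. The following is an added example written for this page, not Cloud Defense's rule engine or AWS code: it classifies the JSON that `aws dynamodb describe-table --table-name <table-name>` prints, treating a missing SSEDescription (the default AWS owned key) as the non-compliant case, and builds the boto3 `update_table()` arguments equivalent to the update-table command shown above. The sample responses, table names, account id and key id are constructed placeholders.

```python
"""Evaluate DynamoDB describe-table output against the "encrypted with AWS KMS" rule
and build the matching update-table request (added example, not the vendor's code)."""
import json
from typing import Any, Dict

# Finding labels used by this example (this example's own names, not a product API).
COMPLIANT = "COMPLIANT"
NON_COMPLIANT_AWS_OWNED_KEY = "NON_COMPLIANT_AWS_OWNED_KEY"
NON_COMPLIANT = "NON_COMPLIANT"


def evaluate_table(table: Dict[str, Any]) -> Dict[str, Any]:
    """Classify one table description (the "Table" object of describe-table).

    DynamoDB encrypts every table at rest. When the default AWS owned key is in use,
    the API omits SSEDescription altogether, so a missing block is the case this rule
    is meant to flag, not a parse error.
    """
    name = table.get("TableName", "<unknown>")
    sse = table.get("SSEDescription")
    if sse is None:
        return {
            "table": name,
            "status": NON_COMPLIANT_AWS_OWNED_KEY,
            "key_arn": None,
            "reason": "no SSEDescription: table uses the AWS owned key, not a KMS key",
        }
    status = sse.get("Status")
    sse_type = sse.get("SSEType")
    key_arn = sse.get("KMSMasterKeyArn")
    if status == "ENABLED" and sse_type == "KMS" and key_arn:
        return {"table": name, "status": COMPLIANT, "key_arn": key_arn,
                "reason": "encrypted at rest with an AWS KMS key"}
    # SSE still in transition (ENABLING/UPDATING) or an unexpected combination:
    # report it, and re-check once the table settles.
    return {
        "table": name,
        "status": NON_COMPLIANT,
        "key_arn": key_arn,
        "reason": f"Status={status} SSEType={sse_type} KMSMasterKeyArn={key_arn}",
    }


def evaluate_describe_table_output(raw_json: str) -> Dict[str, Any]:
    """Same check, starting from the raw JSON text the CLI prints."""
    return evaluate_table(json.loads(raw_json)["Table"])


def update_table_request(table_name: str, kms_key_id: str) -> Dict[str, Any]:
    """Keyword arguments for boto3 dynamodb.update_table() matching the CLI command on
    this page (SSESpecification Enabled=true with a KMS key id, ARN or alias)."""
    return {
        "TableName": table_name,
        "SSESpecification": {"Enabled": True, "SSEType": "KMS", "KMSMasterKeyId": kms_key_id},
    }


# Constructed sample responses; account id and key id are placeholders.
SAMPLE_AWS_OWNED_KEY = '{"Table": {"TableName": "orders", "TableStatus": "ACTIVE"}}'
SAMPLE_KMS_KEY = """{"Table": {"TableName": "customers", "TableStatus": "ACTIVE",
  "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
    "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"}}}"""
SAMPLE_IN_TRANSITION = """{"Table": {"TableName": "sessions", "TableStatus": "UPDATING",
  "SSEDescription": {"Status": "UPDATING", "SSEType": "KMS",
    "KMSMasterKeyArn": "arn:aws:kms:us-east-1:111122223333:key/00000000-0000-0000-0000-000000000000"}}}"""


if __name__ == "__main__":
    for raw in (SAMPLE_AWS_OWNED_KEY, SAMPLE_KMS_KEY, SAMPLE_IN_TRANSITION):
        finding = evaluate_describe_table_output(raw)
        print(f"{finding['table']}: {finding['status']} ({finding['reason']})")
        if finding["status"] != COMPLIANT:
            # <kms-key-id> is the placeholder from the CLI command above.
            print("  remediation:", json.dumps(update_table_request(finding["table"], "<kms-key-id>")))
```

To run the check against a live account, pipe the real output in (for example `aws dynamodb describe-table --table-name orders | python3 -c 'import sys; ...'`) or pass `describe_table()['Table']` from boto3 to `evaluate_table`; the function is pure, so it can also be applied to the results of a `list-tables` loop without network access in tests.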

Remediation Steps:

To remediate a DynamoDB table that is not encrypted with AWS KMS and ensure compliance with NIST 800-53 Revision 5, follow these steps:

  1. Open the AWS Management Console and navigate to the DynamoDB service.

  2. Select the non-compliant table that needs to be encrypted.

  3. Click on "Manage" near the "Encryption" attribute.

  4. Choose an AWS KMS encryption key that complies with NIST 800-53 Revision 5 or create a new key if necessary.

  5. Enable encryption by selecting the chosen AWS KMS key.

  6. Save the changes.

  7. Verify compliance by checking the encryption attribute of the DynamoDB table to ensure it reflects the updated status and shows that encryption is enabled using AWS KMS.

By following these steps, you can properly encrypt the DynamoDB table using AWS KMS and achieve compliance with NIST 800-53 Revision 5.
