Rule: DynamoDB table encrypted with AWS KMS

Ensure DynamoDB table is encrypted with AWS KMS to maintain security standards.

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: RBI Cyber Security Framework
Severity: Medium

DynamoDB Table Encryption with AWS KMS for RBI Cyber Security Framework

Rule Description

As per the RBI Cyber Security Framework, all sensitive data stored in DynamoDB tables should be encrypted to ensure data confidentiality and integrity. DynamoDB offers encryption at rest, and AWS Key Management Service (KMS) should be utilized for managing the encryption keys.

Steps for Troubleshooting (if applicable)

If you encounter any issues while encrypting DynamoDB with AWS KMS, follow these troubleshooting steps:

  1. Verify IAM Permissions: Ensure that the IAM user or role attempting to enable encryption has the necessary permissions for accessing KMS and modifying DynamoDB table settings.
  2. Check KMS Key Policy: Verify that the KMS key used for encryption has proper permissions assigned. The key policy should grant adequate access to the DynamoDB service and the appropriate IAM entities.
  3. Verify Encryption Configuration: Confirm that encryption is enabled for the DynamoDB table by checking the table settings. Additionally, ensure the correct KMS key is selected for encryption during table creation or modification.

Necessary Code (if applicable)

Here is an example of how to enable encryption for a DynamoDB table using AWS CLI:

# All SSE settings go in one --sse-specification value; SSEType=KMS selects KMS-based encryption.
aws dynamodb update-table \
  --table-name <table-name> \
  --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=<kms-key-id>

Replace <table-name> with the name of your DynamoDB table and <kms-key-id> with the ID of the desired KMS CMK (Customer Master Key).

Step-by-Step Guide for Remediation

To encrypt a DynamoDB table with AWS KMS for RBI Cyber Security Framework compliance, follow these steps:

  1. Log in to the AWS Management Console.
  2. Navigate to the DynamoDB service.
  3. Select the desired DynamoDB table for encryption.
  4. Click on the "Actions" dropdown and choose "Manage KMS Encryption."
  5. In the "Encryption" tab, select the option to enable encryption.
  6. Choose the appropriate KMS CMK from the dropdown or click "Create KMS" to create a new key.
  7. Save the changes and confirm the encryption settings.
  8. Verify that the DynamoDB table is now encrypted. The status should show as "Encrypting" and eventually change to "Active" when the encryption process completes.

Ensure that you have appropriate access permissions, including IAM roles and necessary policies, to perform the above actions. Monitor the DynamoDB table for any issues post-encryption to ensure data consistency.
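The verification in the last remediation step (and in troubleshooting step 3) can be scripted against the JSON printed by `aws dynamodb describe-table`. The following is an added example, not code from this rule's vendor: the function name `check_table_encryption`, its `expected_key_arn` parameter, and the sample table names, account ID and key ARN are all constructed for illustration.

```python
import json

# Constructed sample: trimmed `aws dynamodb describe-table` output for a table
# encrypted with a KMS key. Account ID, table name and key ID are made up.
SAMPLE_KMS = json.loads("""
{"Table": {"TableName": "payments", "TableStatus": "ACTIVE",
  "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
    "KMSMasterKeyArn": "arn:aws:kms:ap-south-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"}}}
""")

# Constructed sample: a table left on the default AWS owned key. DescribeTable
# returns no SSEDescription block in that case.
SAMPLE_DEFAULT = {"Table": {"TableName": "sessions", "TableStatus": "ACTIVE"}}


def check_table_encryption(describe_table_output, expected_key_arn=None):
    """Return (compliant, reason) for one DescribeTable response."""
    table = describe_table_output.get("Table", {})
    name = table.get("TableName", "<unknown>")
    sse = table.get("SSEDescription")
    if not sse:
        return False, f"{name}: no SSEDescription (default AWS owned key)"
    if sse.get("SSEType") != "KMS":
        return False, f"{name}: SSEType is {sse.get('SSEType')}, not KMS"
    # Set by DynamoDB when it can no longer use the key (policy or key state).
    if "InaccessibleEncryptionDateTime" in sse:
        return False, f"{name}: KMS key inaccessible, check key policy and state"
    # ENABLING / UPDATING mean the change has not finished yet.
    if sse.get("Status") != "ENABLED":
        return False, f"{name}: encryption status is {sse.get('Status')}"
    arn = sse.get("KMSMasterKeyArn", "")
    if expected_key_arn and arn != expected_key_arn:
        return False, f"{name}: encrypted with unexpected key {arn}"
    return True, f"{name}: encrypted with KMS key {arn}"


if __name__ == "__main__":
    for sample in (SAMPLE_KMS, SAMPLE_DEFAULT):
        print(check_table_encryption(sample))
```

To check a live table, pass the parsed output of `aws dynamodb describe-table --table-name <table-name>` to the function, with the ARN of the intended key as `expected_key_arn`.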

Note: Always follow AWS best practices and consult with your organization's security team when implementing security measures to comply with specific frameworks and regulations like the RBI Cyber Security Framework.
