Rule: DynamoDB Table Encrypted with AWS KMS

Ensure DynamoDB table is encrypted with AWS Key Management Service (KMS) for enhanced security.

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: General Data Protection Regulation (GDPR)
Severity: Medium

Rule Description:

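According to General Data Protection Regulation (GDPR) requirements, all data stored in DynamoDB tables should be encrypted using AWS Key Management Service (KMS). DynamoDB encrypts every table at rest by default with an AWS owned key; this rule checks that the table instead uses a KMS key held in your account (AWS managed or customer managed), so that use of the key is governed by key policy and IAM and is recorded in CloudTrail. Encrypting the data this way protects it from unauthorized access and limits exposure in a data breach.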

Troubleshooting Steps:

If the DynamoDB table is not encrypted with AWS KMS, follow these troubleshooting steps:

  1. Verify KMS Key: Check if the appropriate AWS KMS key exists for encryption. Ensure that the key has appropriate permissions.

  2. Enable Encryption: If encryption is not enabled for the DynamoDB table, enable it by specifying the KMS key during table creation or modification.

  3. Check Table Encryption Status: Verify the encryption status of the DynamoDB table. If it is not encrypted, proceed to enable encryption.

  4. Permissions Setup: Ensure that the IAM roles and policies associated with the table have the necessary permissions to access the KMS key and enable encryption.

Necessary Codes:

No specific code is required for troubleshooting this rule. However, you may need to use the AWS CLI or an AWS SDK to enable encryption for the DynamoDB table.

Remediation Steps:

Follow the steps below to encrypt a DynamoDB table with AWS KMS:

  1. Identify the KMS Key ARN: Determine the Amazon Resource Name (ARN) of the KMS key that you want to use for encryption.

  2. Apply Encryption Using AWS CLI:

    $ aws dynamodb update-table \
      --table-name <table-name> \
      --sse-specification Enabled=true,KMSMasterKeyId=<kms-key-arn>

    Replace <table-name> with the actual name of the DynamoDB table you want to encrypt. Replace <kms-key-arn> with the ARN of the desired KMS key.

  3. Apply Encryption Using AWS SDKs: Use the AWS SDK for your preferred programming language to update the table with encryption enabled. Here's an example using Python and the Boto3 SDK:

    import boto3

    dynamodb_client = boto3.client('dynamodb')

    # Switch the table's server-side encryption to the given KMS key.
    response = dynamodb_client.update_table(
        TableName='<table-name>',
        SSESpecification={
            'Enabled': True,
            'KMSMasterKeyId': '<kms-key-arn>'
        }
    )

    Replace <table-name> with the actual name of the DynamoDB table, and <kms-key-arn> with the ARN of the desired KMS key.

  4. Verify Encryption: After applying encryption, verify the encryption status of the DynamoDB table to ensure it is encrypted using AWS KMS.
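The "Verify Encryption" step and the earlier "Check Table Encryption Status" step both come down to reading the SSEDescription block that the DynamoDB DescribeTable API returns. The following is an added example, not code from the original page: the function names sse_state and audit_tables, the key ARN and the sample responses are constructed for illustration.

```python
# Added example: decide whether a table meets the rule from DescribeTable output.
# Field names (SSEDescription, Status, SSEType, KMSMasterKeyArn,
# InaccessibleEncryptionDateTime) are those of the DynamoDB DescribeTable API.

def sse_state(table, required_key_arn=None):
    """Return (compliant, reason) for one DescribeTable 'Table' dict."""
    sse = table.get("SSEDescription")
    if not sse:
        # DescribeTable omits SSEDescription when the default AWS owned key is used.
        return False, "no KMS key: table uses the default AWS owned key"
    if sse.get("SSEType") != "KMS":
        return False, f"SSEType is {sse.get('SSEType')!r}, expected 'KMS'"
    if sse.get("Status") != "ENABLED":
        # ENABLING / UPDATING / DISABLING / DISABLED: not (yet) in the required state.
        return False, f"SSE status is {sse.get('Status')}"
    if "InaccessibleEncryptionDateTime" in sse:
        # DynamoDB can no longer use the key (for example it was disabled).
        return False, "KMS key inaccessible to DynamoDB"
    key_arn = sse.get("KMSMasterKeyArn")
    if required_key_arn and key_arn != required_key_arn:
        return False, f"encrypted with unexpected key {key_arn}"
    return True, f"encrypted with {key_arn}"


def audit_tables(client, required_key_arn=None):
    """Map every table name in the client's region to its sse_state() result."""
    results = {}
    for page in client.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            table = client.describe_table(TableName=name)["Table"]
            results[name] = sse_state(table, required_key_arn)
    return results


# Constructed sample responses (placeholder account id and key id).
KEY = "arn:aws:kms:eu-west-1:111122223333:key/EXAMPLE-KEY-ID"
_ON = {"Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY}
SAMPLES = {
    "default": {"TableName": "default"},
    "pending": {"SSEDescription": {"Status": "ENABLING", "SSEType": "KMS"}},
    "ok": {"SSEDescription": dict(_ON)},
    "revoked": {"SSEDescription": dict(_ON, InaccessibleEncryptionDateTime="2024-01-01T00:00:00Z")},
}

if __name__ == "__main__":
    for name, table in SAMPLES.items():
        print(name, sse_state(table))
    # Live use: import boto3; audit_tables(boto3.client("dynamodb"), KEY)
```

Passing required_key_arn also catches tables that are KMS-encrypted but with a key other than the one chosen in step 1.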

Conclusion:

Encrypting DynamoDB tables using AWS KMS helps organizations comply with the GDPR by protecting the sensitive data stored in those tables. By following the troubleshooting and remediation steps above, you can enable encryption for your DynamoDB tables with AWS KMS.
