Rule: DynamoDB table should be encrypted with AWS KMS

Rule Description:

Troubleshooting Steps:

2. 1.

   Verify DynamoDB Table Encryption: Confirm if the DynamoDB table is already encrypted with AWS KMS.

4. 2.

   Check KMS Key Policy: Ensure that the KMS key policy allows DynamoDB service to access and use the key for encryption.

6. 3.

   Verify IAM Permissions: Validate that the IAM role or user associated with the DynamoDB table has appropriate permissions to encrypt and decrypt data using the KMS key.

8. 4.

   Check AWS Region Compatibility: Ensure that the DynamoDB table and the KMS key are in the same AWS region. DynamoDB and KMS must be in the same region for encryption to work.

10. 5.

    Review Error Messages: If encryption is not working, examine error messages for further troubleshooting.

Necessary Code:

Step-by-Step Remediation Guide:

2. 1.

   Sign in to the AWS Management Console.

4. 2.

   Open the Amazon DynamoDB console.

6. 3.

   Select the desired DynamoDB table that needs to be encrypted.

8. 4.

   Click on the "Encryption" tab in the table details.

10. 5.

    Check if "Encryption at rest" is already enabled. If not, proceed to the next step.

12. 6.

    Click on "Modify" beside "Encryption at rest".

14. 7.

    Choose "Enable encryption" option.

16. 8.

    Select the appropriate AWS KMS key from the dropdown menu under "AWS Key Management Service" section. If the desired KMS key is not available, create a new one using the KMS service.

18. 9.

    Click on "Save" to enable encryption using the selected KMS key.

20. 10.

    Wait for the encryption process to complete. This may take some time depending on the size of the DynamoDB table.

22. 11.

    Verify encryption status by checking if "Encryption at rest" for the DynamoDB table shows as enabled.

24. 12.

    Validate GxP compliance requirements with your organization's internal procedures or relevant regulatory guidelines.