Rule: DynamoDB table should have encryption enabled
This rule ensures that DynamoDB tables have encryption enabled for data security.
| Rule | DynamoDB table should have encryption enabled |
| Framework | GxP EU Annex 11 |
| Severity | ✔ Low |
Rule Description:
The DynamoDB table should have encryption enabled to ensure compliance with the requirements of GxP (Good x Practice) and the European Union (EU) Annex 11 standard for data security and privacy.
Troubleshooting Steps (if applicable):
If encryption is not enabled for the DynamoDB table, follow the below steps to troubleshoot and enable encryption:
- 1.
Check the encryption status of the DynamoDB table. This can be done through the AWS Management Console, AWS CLI, or AWS SDKs/APIs.
- 2.
If encryption is not enabled, proceed to enable it using the appropriate method as per your preference.
Necessary Codes/Configuration (if applicable):
Here are the necessary codes/configuration to enable encryption for DynamoDB table:
- 1.
Enabling encryption using AWS Management Console:
- Open the AWS Management Console and navigate to the DynamoDB service.
- Locate the target table and click on its name.
- In the table details, click on the "Encryption" tab.
- Choose the desired encryption option (such as AWS Key Management Service - AWS KMS) and configure the relevant encryption settings.
- Save the changes to enable encryption for the DynamoDB table.
- 2.
Enabling encryption using AWS CLI:
- Open the command-line interface (CLI) on your local machine or a terminal in the AWS management console.
- Run the command to enable encryption on the DynamoDB table:
Replaceaws dynamodb update-table --table-name <table-name> --sse-specification Enabled=true, SSEType=<encryption-type>
with the actual name of the DynamoDB table, and<table-name>
with the desired encryption type, such as 'KMS' for AWS Key Management Service.<encryption-type> - Execute the command and wait for the confirmation of successful encryption enabling.
Step-by-Step Guide for Remediation:
Follow these step-by-step instructions to enable encryption for the DynamoDB table:
- 1.
Option 1: Enabling encryption using AWS Management Console:
- Log in to the AWS Management Console.
- Navigate to the DynamoDB service.
- Find the target DynamoDB table that needs encryption.
- Click on the table name to open its details.
- Select the "Encryption" tab.
- Choose the encryption option that complies with GxP EU Annex 11 requirements.
- Configure any additional encryption settings if required.
- Save the changes to enable encryption for the DynamoDB table.
- 2.
Option 2: Enabling encryption using AWS CLI:
- Open the command-line interface (CLI) or terminal.
- Use the appropriate AWS CLI command to enable encryption on the DynamoDB table.
- Replace
with the actual name of the DynamoDB table.<table-name> - Specify the desired encryption type, such as AWS Key Management Service ('KMS').
- Execute the AWS CLI command and wait for the confirmation of successful encryption enabling.
Ensure that you follow the proper guidelines and best practices regarding key management and access policies for the encryption method you choose.
Remember to validate and test the encryption settings after enabling encryption to ensure that the DynamoDB table is appropriately encrypted and complies with GxP EU Annex 11 requirements.