
Rule: DynamoDB Table Encrypted with AWS KMS

Ensure DynamoDB table is encrypted using AWS KMS for enhanced security

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: HIPAA
Severity: Medium

Rule Description

The rule states that, to comply with HIPAA regulations, any DynamoDB table in an AWS environment should be encrypted using AWS Key Management Service (KMS).

Troubleshooting Steps

  1. Verify whether the DynamoDB table is already encrypted with AWS KMS.
  2. Check whether the KMS key policy allows the required AWS Identity and Access Management (IAM) roles to use the key for the table.
  3. Ensure that the IAM roles associated with the DynamoDB table have the necessary permissions to encrypt and decrypt data using the KMS key.
  4. Confirm that KMS is available in the AWS regions where the table is deployed.
  5. Check that an AWS CLI or SDK version that supports the encryption settings is installed.

Necessary Codes

For this rule, no specific code is required for troubleshooting or resolution. However, you can use the AWS CLI or SDK to enable encryption on DynamoDB tables.

Step-by-Step Guide for Remediation

  1. Step 1: Configure the AWS CLI or SDK with appropriate credentials.

  2. Step 2: Identify the DynamoDB table that needs to be encrypted using AWS KMS.

  3. Step 3: Ensure that KMS is available in the regions where the table is deployed.

  4. Step 4: Determine the KMS key to be used for encryption.

  5. Step 5: Enable encryption on the DynamoDB table using the AWS CLI or SDK by following either of the two methods below.

    Method 1: AWS CLI

    Run the following AWS CLI command to enable encryption on the DynamoDB table (the encryption type and key are fields of the --sse-specification option):

    aws dynamodb update-table --table-name <table-name> --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=<kms-key-id>

    Replace <table-name> with the name of the DynamoDB table and <kms-key-id> with the key ID, key ARN, or alias of the KMS key to be used.

    Method 2: AWS SDK

    Use the AWS SDK for the desired programming language (e.g., Python, Java) to update the DynamoDB table encryption settings. The code should include the following steps:

    • Initialize the AWS SDK and authenticate with appropriate credentials.
    • Call the SDK's update-table method for the DynamoDB table with an SSE specification.
    • In that specification, enable encryption, set the type to KMS, and provide the KMS key ID.

  6. Step 6: Verify the encryption status of the DynamoDB table using the AWS CLI or SDK.

    Run the following AWS CLI command to get the table description and check whether encryption is enabled:

    aws dynamodb describe-table --table-name <table-name>

    Replace <table-name> with the name of the DynamoDB table. In the output, the SSEDescription element reports Status, SSEType and KMSMasterKeyArn; for this rule, SSEType should be KMS and Status should be ENABLED (immediately after the update it may still read UPDATING). If SSEDescription is absent, the table is using the default AWS owned key rather than a KMS key in your account.

  7. Step 7: Test the encryption by performing read and write operations on the DynamoDB table.

    Insert a test record and confirm the write succeeds, then retrieve it and confirm the data is returned in the clear. DynamoDB encrypts on write and decrypts on read transparently, so a successful round trip shows that the table and its IAM roles can use the KMS key; the encryption-at-rest configuration itself is confirmed by the SSEDescription in Step 6.
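The following Python example is added here to show the SDK method of Step 5 and the verification of Step 6 as working code, together with the check from the first troubleshooting step (is the table already KMS-encrypted?). It is not code from the original page or from Cloud Defense. It assumes `client` is a boto3 DynamoDB client (`boto3.client("dynamodb")`); the table name and key ARN are constructed placeholders, and the in-memory `FakeDynamoDBClient` is a constructed stand-in that lets the flow run offline.

```python
"""Enable SSE-KMS on a DynamoDB table and verify the result.

Assumptions: `client` is a boto3 DynamoDB client (boto3.client("dynamodb"));
the table name and key ARN are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Optional

# Constructed placeholder values; replace with your own table and key.
PLACEHOLDER_TABLE = "phi-records"
PLACEHOLDER_KEY_ARN = ("arn:aws:kms:us-east-1:111122223333:key/"
                       "00000000-0000-0000-0000-000000000000")


@dataclass
class SseStatus:
    """Encryption state of a table as reported by describe_table."""
    enabled: bool
    sse_type: Optional[str]
    kms_key_arn: Optional[str]
    status: Optional[str]


def build_sse_specification(kms_key_id: str) -> dict:
    """SSESpecification parameter for update_table: encrypt with the given KMS key."""
    return {"Enabled": True, "SSEType": "KMS", "KMSMasterKeyId": kms_key_id}


def parse_sse_description(table_description: dict) -> SseStatus:
    """Read Table.SSEDescription from a describe_table response.

    DynamoDB omits SSEDescription when the table uses the default AWS owned key,
    so a missing element means the table is not using a KMS key in your account.
    """
    sse = table_description.get("Table", {}).get("SSEDescription")
    if not sse:
        return SseStatus(False, None, None, None)
    status = sse.get("Status")
    return SseStatus(status == "ENABLED", sse.get("SSEType"),
                     sse.get("KMSMasterKeyArn"), status)


def is_kms_encrypted(table_description: dict,
                     expected_key_arn: Optional[str] = None) -> bool:
    """The rule's check: SSEType KMS and Status ENABLED, optionally a specific key."""
    st = parse_sse_description(table_description)
    if not (st.enabled and st.sse_type == "KMS"):
        return False
    return expected_key_arn is None or st.kms_key_arn == expected_key_arn


def enable_kms_encryption(client, table_name: str, kms_key_id: str) -> dict:
    """Step 5 (SDK method): update the table's SSE settings."""
    return client.update_table(TableName=table_name,
                               SSESpecification=build_sse_specification(kms_key_id))


def verify_table(client, table_name: str,
                 expected_key_arn: Optional[str] = None) -> bool:
    """Step 6: describe the table and evaluate the check."""
    return is_kms_encrypted(client.describe_table(TableName=table_name), expected_key_arn)


def remediate_and_verify(client, table_name: str, kms_key_id: str) -> bool:
    """Enable encryption only if the table fails the check, then re-check.

    Against the real service, Status reads UPDATING for a while after the call;
    poll describe_table until it reaches ENABLED before treating the table as compliant.
    """
    if not verify_table(client, table_name):
        enable_kms_encryption(client, table_name, kms_key_id)
    return verify_table(client, table_name)


# Constructed describe_table responses, reduced to the fields the check reads.
SAMPLE_DEFAULT_KEY = {"Table": {"TableName": PLACEHOLDER_TABLE, "TableStatus": "ACTIVE"}}
SAMPLE_KMS = {"Table": {"TableName": PLACEHOLDER_TABLE, "TableStatus": "ACTIVE",
                        "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
                                           "KMSMasterKeyArn": PLACEHOLDER_KEY_ARN}}}


class FakeDynamoDBClient:
    """Constructed in-memory stand-in for the boto3 client so the flow runs offline.

    It implements only describe_table and update_table and reports the key id it
    was given as KMSMasterKeyArn (the real service resolves ids and aliases to an ARN).
    """
    def __init__(self):
        self.tables = {PLACEHOLDER_TABLE: SAMPLE_DEFAULT_KEY}

    def describe_table(self, TableName):
        return self.tables[TableName]

    def update_table(self, TableName, SSESpecification):
        table = dict(self.tables[TableName]["Table"])
        table["SSEDescription"] = {"Status": "ENABLED",
                                   "SSEType": SSESpecification["SSEType"],
                                   "KMSMasterKeyArn": SSESpecification["KMSMasterKeyId"]}
        self.tables[TableName] = {"Table": table}
        return {"TableDescription": table}


if __name__ == "__main__":
    fake = FakeDynamoDBClient()
    print("compliant before:", verify_table(fake, PLACEHOLDER_TABLE))
    print("compliant after: ", remediate_and_verify(fake, PLACEHOLDER_TABLE, PLACEHOLDER_KEY_ARN))
```

To run it against a real account, pass `boto3.client("dynamodb", region_name=...)` in place of the fake client; the `expected_key_arn` argument lets a scan assert not just that some KMS key is in use but that it is the key your HIPAA control designates.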

Conclusion

By following the above step-by-step guide, you can enable encryption on a DynamoDB table using AWS KMS, ensuring compliance with HIPAA regulations. Remember to test the encryption functionality to ensure that data is properly encrypted and decrypted.
