Rule: DynamoDB Table Encrypted with AWS KMS

This rule ensures that DynamoDB tables are encrypted using AWS KMS for data security.

Rule: DynamoDB table should be encrypted with AWS KMS
Framework: NIST 800-53 Revision 5
Severity: Medium

Rule Description:

According to NIST 800-53 Revision 5, DynamoDB tables should be encrypted using AWS Key Management Service (KMS) for enhanced security and compliance. This rule ensures that sensitive data stored in DynamoDB tables is protected from unauthorized access or tampering.

Remediation Steps:

To enforce encryption of DynamoDB tables with AWS KMS, follow the steps below:

  1. Identify the target DynamoDB table that needs to be encrypted.

  2. Access the AWS Management Console or use the AWS Command Line Interface (CLI) to execute the required commands. The following steps assume the CLI approach.

  3. Install and configure the AWS CLI, if not already set up, by following the official documentation: AWS CLI Installation Guide.

  4. Open a terminal or command prompt, and run the following command to encrypt the DynamoDB table using AWS KMS:

    aws dynamodb update-table --table-name <table-name> --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=<kms-key-id>

  • Replace <table-name> with the actual name of the DynamoDB table that needs to be encrypted.
  • Replace <kms-key-id> with the Amazon Resource Name (ARN) of the appropriate KMS master key to be used for encryption. Make sure the KMS key is compliant with NIST 800-53 Revision 5.

  5. Execute the command, and the DynamoDB table will be encrypted using the specified AWS KMS key.

Troubleshooting Steps:

If encountering any issues during the encryption process, consider the following troubleshooting steps:

  1. Ensure that the AWS CLI is properly installed and configured on your system. Revisit the AWS CLI installation guide if needed.

  2. Verify the spelling and correctness of the DynamoDB table name specified in the CLI command. Any typos or incorrect names will result in command failure.

  3. Double-check the KMS key ID used in the command. Confirm that the key is in ARN (Amazon Resource Name) format and is linked to the AWS account where the DynamoDB table resides.

  4. Confirm that your AWS account has sufficient permissions to access both the DynamoDB table and the specified KMS key.

  5. If the issues persist, consult the official AWS DynamoDB and AWS KMS documentation, or reach out to AWS Support for further assistance.

Additional Notes:

  • Encrypting DynamoDB tables with AWS KMS enhances data security and ensures compliance with NIST 800-53 Revision 5 requirements.

  • Regularly monitor and review DynamoDB table encryption status to identify any potential misconfigurations or deviations from the defined rules/policies.
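
One way to carry out the encryption-status review described above, as an added example that is not part of the original rule page or any vendor's code: the function evaluates the JSON returned by `aws dynamodb describe-table`. The sample responses, table names and key ARN are constructed placeholders, and `evaluate_table` and `check_sse.py` are hypothetical names.

```python
import json
import sys

# Constructed responses shaped like `aws dynamodb describe-table` output.
# Table names, account ID and key ARN are placeholders, not real resources.
KEY = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
SAMPLES = {
    "default": {"Table": {"TableName": "orders"}},
    "kms": {"Table": {"TableName": "payments", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY}}},
    "enabling": {"Table": {"TableName": "audit", "SSEDescription": {
        "Status": "ENABLING", "SSEType": "KMS", "KMSMasterKeyArn": KEY}}},
    "key_lost": {"Table": {"TableName": "ledger", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY,
        "InaccessibleEncryptionDateTime": "2024-01-01T00:00:00Z"}}},
}


def evaluate_table(response, expected_key_arn=None):
    """Return (compliant, reason) for one describe-table response."""
    sse = response.get("Table", {}).get("SSEDescription")
    if not sse:
        # No SSEDescription: the table is on the default AWS owned key.
        return False, "no SSEDescription; table uses the default AWS owned key"
    if sse.get("SSEType") != "KMS":
        return False, f"SSEType is {sse.get('SSEType')}, not KMS"
    if sse.get("Status") not in ("ENABLED", "UPDATING"):
        # ENABLING, DISABLING and DISABLED are not a settled encrypted state.
        return False, f"SSE status is {sse.get('Status')}"
    if "InaccessibleEncryptionDateTime" in sse:
        # DynamoDB could not reach the key (disabled key, revoked access).
        return False, "KMS key is inaccessible to DynamoDB"
    key_arn = sse.get("KMSMasterKeyArn")
    if expected_key_arn and key_arn != expected_key_arn:
        return False, f"encrypted with unexpected key {key_arn}"
    return True, f"encrypted with KMS key {key_arn}"


if __name__ == "__main__":
    # aws dynamodb describe-table --table-name <table-name> | python3 check_sse.py
    # With no piped input, the constructed samples are evaluated instead.
    docs = SAMPLES if sys.stdin.isatty() else {"stdin": json.load(sys.stdin)}
    failed = False
    for name, doc in docs.items():
        ok, reason = evaluate_table(doc)
        failed |= not ok
        print(f"{'PASS' if ok else 'FAIL'} {name}: {reason}")
    sys.exit(1 if failed else 0)
```

The non-zero exit code on any failing table lets the check run from a scheduled job or CI step.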
