
How do I enable Encryption at Rest on DynamoDB with CloudFormation

I'm trying to figure out if it's possible to create a DynamoDB table using CloudFormation but with Encryption at Rest.

I've managed to find the following developer guide, but it just tells you how to create the table using the Console and the AWS CLI: https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/encryption.tutorial.html

From looking at the SDKs, it seems that you need to set the SSEEnabled property on SSESpecification to true, but can this go in the CloudFormation template? And if so, where?

AWS::DynamoDB::Table

Kevin Smith asked May 22 '18 10:05


People also ask

How do I enable encryption in DynamoDB?

Go to the Additional settings tab. Under Encryption, choose Manage encryption. Choose an encryption type: Owned by Amazon DynamoDB.

Does DynamoDB support encryption at rest?

Amazon DynamoDB is a fully managed, multi-region, multi-master database that by default encrypts all your data at rest to help enhance the security of your DynamoDB data. You can use the default encryption, the AWS owned customer master key (CMK), or the AWS managed CMK to encrypt all your data.

Can we enable encryption on existing DynamoDB table?

All table data is encrypted. Server-side encryption at rest is enabled on all DynamoDB table data and cannot be disabled. You cannot encrypt only a subset of items in a table. DynamoDB has encrypted all existing tables that were previously unencrypted by using the AWS owned key.

Is DynamoDB table encrypted by default?

By default, all tables are encrypted under an AWS owned customer master key (CMK) in the DynamoDB service account. In addition to encryption at rest, which is a server-side encryption feature, AWS provides the Amazon DynamoDB Encryption Client.


1 Answer

You should be able to add it in when creating the table in the template:

{
    "Type" : "AWS::DynamoDB::Table",
    "Properties" : {
      "AttributeDefinitions" : [ AttributeDefinition, ... ],
      "GlobalSecondaryIndexes" : [ GlobalSecondaryIndexes, ... ],
      "KeySchema" : [ KeySchema, ... ],
      "LocalSecondaryIndexes" : [ LocalSecondaryIndexes, ... ],
      "ProvisionedThroughput" : ProvisionedThroughput,
      "SSESpecification" : {
          "SSEEnabled": true
        },
      "StreamSpecification" : StreamSpecification,
      "TableName" : String,
      "Tags" : [ Resource Tag, ... ],
      "TimeToLiveSpecification" : TimeToLiveSpecification
    }
}

Here's the link from the docs: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-dynamodb-table.html

Could it be an IntelliSense issue?

Kirill answered Sep 28 '22 16:09
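The placement described in the answer, as an added example that is not part of the original question or answer: a small pre-deployment check that lists every `AWS::DynamoDB::Table` in a JSON template that does not set `SSESpecification.SSEEnabled` to true. The template, the logical IDs `OrdersTable` and `LegacyTable`, and the function name `tables_without_sse` are constructed for illustration.

```python
import json

# Constructed sample template (not from the original page): one table sets
# SSESpecification where the answer places it, the other omits it.
TEMPLATE = json.loads("""
{
  "Resources": {
    "OrdersTable": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}],
        "KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}],
        "ProvisionedThroughput": {"ReadCapacityUnits": 1, "WriteCapacityUnits": 1},
        "SSESpecification": {"SSEEnabled": true}
      }
    },
    "LegacyTable": {
      "Type": "AWS::DynamoDB::Table",
      "Properties": {
        "AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}],
        "KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}],
        "ProvisionedThroughput": {"ReadCapacityUnits": 1, "WriteCapacityUnits": 1}
      }
    },
    "Bucket": {"Type": "AWS::S3::Bucket"}
  }
}
""")


def tables_without_sse(template):
    """Return logical IDs of DynamoDB tables that do not set SSEEnabled to true."""
    missing = []
    for logical_id, resource in template.get("Resources", {}).items():
        if resource.get("Type") != "AWS::DynamoDB::Table":
            continue
        sse = (resource.get("Properties") or {}).get("SSESpecification")
        enabled = sse.get("SSEEnabled") if isinstance(sse, dict) else None
        # Accept the JSON boolean true and the string form "true"; a missing
        # block, false, or any other value is reported.
        if str(enabled).lower() != "true":
            missing.append(logical_id)
    return sorted(missing)


if __name__ == "__main__":
    print(tables_without_sse(TEMPLATE))
```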