Ensure DynamoDB tables are encrypted

Error: Unencrypted DynamoDB tables

Bridgecrew Policy ID: BC_AWS_GENERAL_52
Checkov Check ID: CKV_AWS_119
Severity: LOW

Unencrypted DynamoDB tables

Description

Encrypting your Amazon DynamoDB helps protect your data from unauthorized access or tampering. That way, you can ensure that only authorized users can access and modify the contents of your DBs. Such action can help protect against external threats such as hackers or malware, as well as internal threats such as accidental or unauthorized access.

Fix - Buildtime

Terraform

  • Resource: aws_dynamodb_table
  • Argument: server_side_encryption
resource "aws_dynamodb_table" "basic-dynamodb-table" {
  ...
  server_side_encryption {
+    enabled = true
+    kms_key_arn= aws_kms_key.dynamo.arn
  }
}