Ensure DynamoDB tables are encrypted

Error: Unencrypted DynamoDB tables

Bridgecrew Policy ID: BC_AWS_GENERAL_52
Checkov Check ID: CKV_AWS_119
Severity: LOW

Unencrypted DynamoDB tables

Description

Checks if the Amazon DynamoDB tables are encrypted, and in line with AWS best security practice - with a specified non-default KMS key.

Fix - Buildtime

Terraform

  • Resource: aws_dynamodb_table
  • Argument: server_side_encryption
resource "aws_dynamodb_table" "basic-dynamodb-table" {
  ...
  server_side_encryption {
+    enabled = true
+    kms_key_arn= aws_kms_key.dynamo.arn
  }
}

Did this page help you?