Language: terraform
Severity: low
Service: dynamodb
Provider: AWS

Description

DynamoDB always encrypts table data at rest; the question is who controls the key. A table with no `server_side_encryption` block (or `enabled = false`) uses an AWS-owned key, and a table with `enabled = true` but no `kms_key_arn` uses the AWS-managed key `aws/dynamodb`. In both cases the key policy, rotation schedule and lifecycle are managed by AWS, so the account owner cannot tailor key access, rotation or auditing to organizational requirements. This rule flags tables that do not reference a customer-managed KMS key.

Impact

With an AWS-owned or AWS-managed key you cannot write a key policy that scopes which principals may use the key, cannot disable the key or schedule its deletion to cut off access to the data, cannot set the rotation period, and cannot reuse the key across accounts or tie it to a dedicated audit trail. If an identity with table-level access is compromised, the key offers no independent control point, and frameworks that require customer-controlled keys for sensitive data will treat the table as non-compliant. The severity is low because the data is encrypted at rest either way; the gap is control and auditability, not plaintext exposure.

Resolution

Enable server-side encryption with a customer-managed key: add a `server_side_encryption` block with `enabled = true` and set `kms_key_arn` to the ARN of a KMS key in your account. Setting `enabled = true` on its own is not enough, because that selects the AWS-managed key `aws/dynamodb`.
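The following is an added example, not code from the rule page or from the provider: it shows the flagged configuration beside the corrected one. The resource names, key alias, deletion window and the application role ARN are assumptions chosen for illustration.

```hcl
# Added example (not the rule page's own code). Names and ARNs are assumptions.

# Flagged: `enabled = true` without `kms_key_arn` selects the AWS-managed key
# alias/aws/dynamodb. Omitting the block entirely would use an AWS-owned key.
# Neither key has a policy you can edit, a rotation period you can set, or a
# lifecycle you control.
resource "aws_dynamodb_table" "orders_weak" {
  name         = "orders-weak"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "order_id"

  attribute {
    name = "order_id"
    type = "S"
  }

  server_side_encryption {
    enabled = true # AWS-managed key: still fails this rule
  }
}

data "aws_caller_identity" "current" {}

# Key policy for the customer-managed key: the account root keeps key
# administration; an assumed application role may use the key only through
# DynamoDB in this region (kms:ViaService). The role ARN is a placeholder.
data "aws_iam_policy_document" "dynamodb_key" {
  statement {
    sid       = "EnableRootPermissions"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  statement {
    sid = "AllowOrdersAppUseViaDynamoDB"
    actions = [
      "kms:Encrypt",
      "kms:Decrypt",
      "kms:ReEncrypt*",
      "kms:GenerateDataKey*",
      "kms:DescribeKey",
      "kms:CreateGrant",
    ]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:role/orders-app"]
    }
    condition {
      test     = "StringEquals"
      variable = "kms:ViaService"
      values   = ["dynamodb.us-east-1.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "dynamodb" {
  description             = "CMK for the orders DynamoDB table"
  deletion_window_in_days = 30
  enable_key_rotation     = true # annual automatic rotation, under your control
  policy                  = data.aws_iam_policy_document.dynamodb_key.json
}

resource "aws_kms_alias" "dynamodb" {
  name          = "alias/orders-dynamodb"
  target_key_id = aws_kms_key.dynamodb.key_id
}

# Corrected: the table is encrypted with the customer-managed key above.
resource "aws_dynamodb_table" "orders" {
  name         = "orders"
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "order_id"

  attribute {
    name = "order_id"
    type = "S"
  }

  server_side_encryption {
    enabled     = true
    kms_key_arn = aws_kms_key.dynamodb.arn
  }
}
```

After `terraform apply`, `aws dynamodb describe-table --table-name orders --query 'Table.SSEDescription'` should report `SSEType` of `KMS` with `KMSMasterKeyArn` equal to your key, and `aws kms describe-key --key-id <that ARN> --query 'KeyMetadata.KeyManager'` should return `CUSTOMER` rather than `AWS`. Two caveats: a global table needs a key in every replica region, set through `kms_key_arn` inside each `replica` block, and the key policy must allow every principal that reads or writes the table, not just the one that creates it, or requests will fail with `KMSAccessDeniedException` once the key is attached.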