Encryption keeps your data safe by turning it into secret code. Encryption at rest protects stored data, and encryption in transit protects data moving between places.
Encryption at rest and in transit in DynamoDB
Introduction
When you want to protect sensitive customer information stored in your database.
When your application sends data over the internet and you want to keep it private.
When you need to follow security rules or laws that require data protection.
When you want to prevent unauthorized people from reading your data if they get access.
When you want to build trust with users by keeping their data secure.
Syntax
Encryption at rest: Enabled by default in DynamoDB using AWS owned keys or customer managed keys.
Encryption in transit: Use HTTPS (TLS) endpoints to connect to DynamoDB.
Example:
- Enable encryption at rest with an AWS KMS key when creating a table.
- Use the HTTPS endpoint to access the DynamoDB API.
DynamoDB automatically encrypts data at rest by default.
To encrypt data in transit, always use HTTPS endpoints when connecting to DynamoDB.
Examples
This command creates a DynamoDB table with encryption at rest enabled using a customer managed AWS KMS key.
aws dynamodb create-table \
    --table-name MyTable \
    --attribute-definitions AttributeName=Id,AttributeType=S \
    --key-schema AttributeName=Id,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --sse-specification Enabled=true,KMSMasterKeyId=alias/myKey
Always connect to DynamoDB using HTTPS to ensure encryption in transit.
Use HTTPS endpoint: https://dynamodb.us-west-2.amazonaws.com
Sample Program
This command creates a DynamoDB table named SecureTable with encryption at rest enabled using the default AWS managed key.
aws dynamodb create-table \
    --table-name SecureTable \
    --attribute-definitions AttributeName=UserId,AttributeType=S \
    --key-schema AttributeName=UserId,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --sse-specification Enabled=true,KMSMasterKeyId=alias/aws/dynamodb
Output
Success
Important Notes
Encryption at rest protects data stored on disk inside DynamoDB.
Encryption in transit protects data as it moves between your app and DynamoDB.
Using customer managed keys gives you more control over encryption keys.
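The check below is an added example, not part of the original page: it takes a response in the shape returned by aws dynamodb describe-table plus the endpoint URL a client is configured with, and reports gaps in encryption at rest or in transit. The sample responses are constructed, the account and key IDs are placeholders, and the function name audit_table and its require_kms policy flag are assumptions.

```python
import json
from urllib.parse import urlparse

# Constructed responses in the shape of `aws dynamodb describe-table` output.
# The account ID and key ID are placeholders, not real values.
DEFAULT_KEY_TABLE = json.loads('{"Table": {"TableName": "MyTable"}}')
KMS_TABLE = json.loads("""
{"Table": {"TableName": "SecureTable",
           "SSEDescription": {
             "Status": "ENABLED", "SSEType": "KMS",
             "KMSMasterKeyArn": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID"}}}
""")
LOCKED_TABLE = json.loads("""
{"Table": {"TableName": "LockedTable",
           "SSEDescription": {
             "Status": "ENABLED", "SSEType": "KMS",
             "KMSMasterKeyArn": "arn:aws:kms:us-west-2:111122223333:key/EXAMPLE-KEY-ID",
             "InaccessibleEncryptionDateTime": "2024-01-01T00:00:00Z"}}}
""")


def audit_table(response, endpoint_url, require_kms=True):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    sse = response["Table"].get("SSEDescription")
    if sse is None:
        # Assumption: no SSEDescription means the default AWS owned key is in use.
        if require_kms:
            findings.append("at-rest: AWS owned key in use, KMS key required")
    else:
        if sse.get("SSEType") != "KMS" or sse.get("Status") != "ENABLED":
            findings.append(f"at-rest: SSE not active ({sse.get('Status')})")
        if "InaccessibleEncryptionDateTime" in sse:
            # DynamoDB records this timestamp when it can no longer use the key.
            findings.append("at-rest: KMS key is inaccessible to DynamoDB")
    # In transit: the client must be pointed at a TLS (https) endpoint.
    url = urlparse(endpoint_url)
    if url.scheme != "https":
        findings.append(f"in-transit: endpoint scheme is {url.scheme or 'missing'!r}")
    return findings
```

The describe-table response alone does not say whether the KMS key is AWS managed or customer managed; that distinction comes from the key's metadata in KMS.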
Summary
Encryption at rest secures stored data automatically in DynamoDB.
Encryption in transit requires using HTTPS endpoints to keep data safe while moving.
Enabling encryption helps protect sensitive data and meet security requirements.