DynamoDBquery~30 mins

Encryption at rest and in transit in DynamoDB - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Encryption at rest and in transit with DynamoDB

📖 Scenario: You are building a secure application that stores user data in AWS DynamoDB. To protect sensitive information, you need to ensure that data is encrypted both when stored (at rest) and when sent over the network (in transit).

🎯 Goal: Create a DynamoDB table with encryption at rest enabled and configure the AWS SDK client to use HTTPS for encryption in transit.

📋 What You'll Learn

Create a DynamoDB table named UserData with server-side encryption enabled using the AWS managed key.

Configure the AWS SDK DynamoDB client to use HTTPS endpoint to ensure encryption in transit.

Use exact names: table name UserData, encryption type AWS_MANAGED, and HTTPS endpoint https://dynamodb.us-west-2.amazonaws.com.

💡 Why This Matters

🌍 Real World

Many applications store sensitive user data in DynamoDB and must protect it from unauthorized access by encrypting data at rest and in transit.

💼 Career

Understanding how to enable encryption in DynamoDB and configure secure clients is essential for cloud developers and security engineers working with AWS.

Progress0 / 4 steps

Create DynamoDB table with encryption at rest

Write the AWS CLI command to create a DynamoDB table named UserData with a primary key called UserId of type string. Enable server-side encryption using the AWS managed key by including --sse-specification Enabled=true,SSEType=KMS.

DynamoDB

# Your AWS CLI command here

Need a hint?

Use aws dynamodb create-table with --sse-specification Enabled=true,SSEType=KMS to enable encryption at rest.

Configure AWS SDK DynamoDB client endpoint

In your AWS SDK configuration code, create a DynamoDB client object that connects to the HTTPS endpoint https://dynamodb.us-west-2.amazonaws.com to ensure encryption in transit. Assign this client to a variable named dynamodb_client.

DynamoDB

aws dynamodb create-table \
    --table-name UserData \
    --attribute-definitions AttributeName=UserId,AttributeType=S \
    --key-schema AttributeName=UserId,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --sse-specification Enabled=true,SSEType=KMS

# Create DynamoDB client with HTTPS endpoint
# Your code here

Need a hint?

Use boto3.client('dynamodb', endpoint_url='https://dynamodb.us-west-2.amazonaws.com') to create the client.

Put an item securely into the DynamoDB table

Use the dynamodb_client to put an item into the UserData table. The item should have UserId set to "user123" and Email set to "user123@example.com". Use the put_item method with the correct parameters.

DynamoDB

aws dynamodb create-table \
    --table-name UserData \
    --attribute-definitions AttributeName=UserId,AttributeType=S \
    --key-schema AttributeName=UserId,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --sse-specification Enabled=true,SSEType=KMS

import boto3

dynamodb_client = boto3.client('dynamodb', endpoint_url='https://dynamodb.us-west-2.amazonaws.com')

# Put an item into UserData table
# Your code here

Need a hint?

Use dynamodb_client.put_item with TableName and Item parameters.

Enable HTTPS enforcement in client configuration

Add a configuration to the dynamodb_client to explicitly enforce HTTPS by setting the use_ssl parameter to True when creating the client.

DynamoDB

aws dynamodb create-table \
    --table-name UserData \
    --attribute-definitions AttributeName=UserId,AttributeType=S \
    --key-schema AttributeName=UserId,KeyType=HASH \
    --billing-mode PAY_PER_REQUEST \
    --sse-specification Enabled=true,SSEType=KMS

import boto3

# Create DynamoDB client with HTTPS enforced
# Your code here

dynamodb_client.put_item(
    TableName='UserData',
    Item={
        'UserId': {'S': 'user123'},
        'Email': {'S': 'user123@example.com'}
    }
)

Need a hint?

Add use_ssl=True when creating the client to enforce HTTPS.