see sample dynamodb table , cloudformation template below. when i create the table below, what encrpytion aws puts in place to protect my data, if it does it all? if not, how can i specify in the template below that i want to encrypt my data with a key provided by aws itself, if possible. if not i assume, i will need to add a key resource to this as well.
AWSTemplateFormatVersion: "2010-09-09"
Resources:
myDynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
-
AttributeName: "product"
AttributeType: "S"
-
AttributeName: "model"
AttributeType: "S"
KeySchema:
-
AttributeName: "product"
KeyType: "HASH"
-
AttributeName: "Model"
KeyType: "RANGE"
ProvisionedThroughput:
ReadCapacityUnits: "5"
WriteCapacityUnits: "5"
TableName: "InfoTable"
As mentioned here, add an SSESpecification to your table. So:
AWSTemplateFormatVersion: "2010-09-09"
Resources:
myDynamoDBTable:
Type: AWS::DynamoDB::Table
Properties:
AttributeDefinitions:
-
AttributeName: "product"
AttributeType: "S"
-
AttributeName: "model"
AttributeType: "S"
KeySchema:
-
AttributeName: "product"
KeyType: "HASH"
-
AttributeName: "Model"
KeyType: "RANGE"
ProvisionedThroughput:
ReadCapacityUnits: "5"
WriteCapacityUnits: "5"
TableName: "InfoTable"
SSESpecification:
SSEEnabled: 'true'
This encrypts the table using the AWS managed encryption key.