[AWS Certificate]-DynamoDB Encryption

DynamoDB Encryption

  • Server-side Encryption at Rest
    • Enabled by default
    • Uses KMS
    • 256-bit AES Encryption
    • Can use AWS owned CMK, AWS managed CMK, or customer managed CMK
    • Encrypts primary key, secondary indexes, streams, global tables, backups and DAX clusters
  • Encryption in transit
    • Use VPC endpoints for applications running in a VPC
    • Use TLS endpoints for encrypting data in transit
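
An audit check for the key options listed above, as an added example that is not part of the original notes: it classifies a table's at-rest key from a DynamoDB DescribeTable response plus the matching KMS DescribeKey response. The function name, result labels and all sample data are constructed for illustration, and treating a missing SSEDescription as the default AWS owned key is an assumption.

```python
# Added example. Every ARN, account ID and timestamp below is a constructed placeholder.

def classify_sse(describe_table, describe_key=None):
    """Return (key_type, findings) for one table.

    describe_table: dict shaped like a DynamoDB DescribeTable response.
    describe_key: dict shaped like the KMS DescribeKey response for the
                  table's KMSMasterKeyArn, or None if it was not fetched.
    """
    findings = []
    sse = describe_table["Table"].get("SSEDescription")
    if not sse:
        # Assumption: no SSEDescription means the default AWS owned key.
        return "AWS_OWNED", findings
    if sse.get("Status") != "ENABLED":
        findings.append("SSE status is " + str(sse.get("Status")))
    if "InaccessibleEncryptionDateTime" in sse:
        # Set when DynamoDB can no longer use the table's KMS key.
        findings.append("KMS key inaccessible since "
                        + str(sse["InaccessibleEncryptionDateTime"]))
    if describe_key is None:
        return "KMS_MANAGER_UNKNOWN", findings
    meta = describe_key["KeyMetadata"]
    if meta["Arn"] != sse.get("KMSMasterKeyArn"):
        raise ValueError("DescribeKey response is for a different key")
    if meta.get("KeyState") != "Enabled":
        findings.append("KMS key state is " + str(meta.get("KeyState")))
    # KeyManager is "AWS" for AWS managed keys and "CUSTOMER" otherwise.
    key_type = "AWS_MANAGED" if meta["KeyManager"] == "AWS" else "CUSTOMER_MANAGED"
    return key_type, findings


KEY_ARN = "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE-KEY-ID"
DEFAULT_TABLE = {"Table": {"TableName": "orders"}}
CMK_TABLE = {"Table": {"TableName": "payments", "SSEDescription": {
    "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY_ARN}}}
BROKEN_TABLE = {"Table": {"TableName": "ledger", "SSEDescription": {
    "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": KEY_ARN,
    "InaccessibleEncryptionDateTime": "2024-01-01T00:00:00Z"}}}
CUSTOMER_KEY = {"KeyMetadata": {"Arn": KEY_ARN, "KeyManager": "CUSTOMER",
                                "KeyState": "Enabled"}}
DISABLED_KEY = {"KeyMetadata": {"Arn": KEY_ARN, "KeyManager": "CUSTOMER",
                                "KeyState": "Disabled"}}

if __name__ == "__main__":
    print(classify_sse(DEFAULT_TABLE))
    print(classify_sse(CMK_TABLE, CUSTOMER_KEY))
    print(classify_sse(BROKEN_TABLE, DISABLED_KEY))
```

In a live audit the two dicts would come from `describe_table` on the DynamoDB client and `describe_key` on the KMS client.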


DynamoDB Encryption Client

  • For client-side encryption
  • Added protection with encryption in-transit
  • Results in end-to-end encryption
  • Doesn't encrypt the entire table
  • Encrypts the attribute values, but not the attribute names
  • Doesn't encrypt values of the primary key attributes
  • You can selectively encrypt other attribute values
  • You can encrypt selected items in a table, or selected attribute values in some or all items