Securing Data at Rest in DynamoDB for AWS Certified Security - Specialty

Achieving Data Encryption at Rest in DynamoDB

Question

Your company has a requirement to host an application.

The application would be hosted on an EC2 Instance and would interact with a DynamoDB table.

There is a security requirement to ensure that all data on the DynamoDB table is encrypted at rest.

How can you achieve this with the least number of steps and ensure that all types of data are encrypted?

Answers

Explanations


Answer - A.

The AWS Documentation states the following.

All user data stored in Amazon DynamoDB is fully encrypted at rest. DynamoDB encryption at rest provides enhanced security by encrypting all your data at rest using encryption keys stored in AWS Key Management Service (AWS KMS).

This functionality helps reduce the operational burden and complexity involved in protecting sensitive data. With encryption at rest, you can build security-sensitive applications that meet strict encryption compliance and regulatory requirements.

Encryption at rest is enabled on every DynamoDB table from the moment it is created and cannot be turned off. The only decision you make is which key protects the table: an AWS owned key (the default, with nothing to configure and no KMS charges), the AWS managed key aws/dynamodb, or a customer managed key in your own account. Whatever key is chosen applies to the table as a whole, including its local and global secondary indexes, its stream and its backups, so there is no separate encryption step for any of those. For a requirement that only asks that all data be encrypted at rest, the least number of steps is therefore zero; a customer managed key is an extra step that buys control over key policy, rotation and CloudTrail visibility, not coverage of more data.

All other options are invalid because data at rest is encrypted by default in DynamoDB. For more information on AWS KMS and DynamoDB, please visit the below URL.

https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html

The option "Enable encryption at rest for the DynamoDB table. Then enable encryption of the underlying keys and indexes" is sometimes presented as the correct answer. It is not, and the reasoning behind it is wrong on two points.

First, DynamoDB does not expose an encryption setting on an index. A local or global secondary index is stored and encrypted under the same key as its base table, and DescribeTable reports a single SSEDescription for the table, not one per index. Streams and backups likewise inherit the table's key. "Enable encryption of the underlying keys and indexes" is not an operation that exists in the console, the AWS CLI or the SDKs, so it cannot be a required step.

Second, encryption at rest does not need to be enabled at all. Every table is encrypted with AES-256 from creation, by default under an AWS owned key; DynamoDB encrypts data as it is written to disk and decrypts it transparently when it is read, so the application on the EC2 instance sees plaintext through the API and never handles the key. The console, CLI and SDKs let you change the key type (the SSESpecification parameter on CreateTable or UpdateTable), and that is the only encryption-at-rest choice you make.

In summary, the requirement that all data on the table be encrypted at rest is already met with no additional steps, because DynamoDB encrypts the table and everything derived from it by default. Switching to a customer managed key is optional and adds control over the key, not protection for data that was otherwise unencrypted.
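As an added example (not part of the original page or of AWS documentation), the following Python audits the encryption-at-rest state of DynamoDB tables from DescribeTable output and builds the UpdateTable request that moves a table onto a customer managed KMS key. It runs offline on constructed sample data shaped like the boto3 describe_table and kms describe_key responses; the field names follow the real APIs, while the table names, key ARNs and helper functions are hypothetical. It assumes, as the DynamoDB developer guide describes, that a table protected by the default AWS owned key returns no SSEDescription block at all, and it treats a KMS KeyManager of "AWS" as the AWS managed key aws/dynamodb and "CUSTOMER" as a customer managed key.

```python
"""Audit DynamoDB encryption at rest and build a key-switch request.

Added example on constructed data, not the page's or AWS's own code.
Assumption: default (AWS owned key) tables return no SSEDescription.
"""
from typing import Any

# Hypothetical key ARNs used by the constructed samples below.
KEY_AWS_MANAGED = "arn:aws:kms:us-east-1:111122223333:key/11111111-1111-1111-1111-111111111111"
KEY_CUSTOMER = "arn:aws:kms:us-east-1:111122223333:key/22222222-2222-2222-2222-222222222222"
KEY_CUSTOMER_DISABLED = "arn:aws:kms:us-east-1:111122223333:key/33333333-3333-3333-3333-333333333333"

# Constructed describe_table()["Table"] payloads. Note there is no per-index
# encryption field anywhere: indexes are covered by the table's SSEDescription.
SAMPLE_TABLES: list[dict[str, Any]] = [
    {   # default: AWS owned key, nothing configured, still encrypted
        "TableName": "orders-default",
        "GlobalSecondaryIndexes": [{"IndexName": "by-customer"}],
        "LocalSecondaryIndexes": [{"IndexName": "by-date"}],
    },
    {   # AWS managed key aws/dynamodb
        "TableName": "orders-aws-managed",
        "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
                           "KMSMasterKeyArn": KEY_AWS_MANAGED},
    },
    {   # customer managed key
        "TableName": "orders-cmk",
        "GlobalSecondaryIndexes": [{"IndexName": "by-customer"}],
        "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
                           "KMSMasterKeyArn": KEY_CUSTOMER},
    },
    {   # customer managed key that was later disabled: ciphertext intact, unreadable
        "TableName": "orders-cmk-disabled",
        "SSEDescription": {"Status": "ENABLED", "SSEType": "KMS",
                           "KMSMasterKeyArn": KEY_CUSTOMER_DISABLED,
                           "InaccessibleEncryptionDateTime": "2024-05-01T09:12:00Z"},
    },
]

# Constructed kms describe_key()["KeyMetadata"] lookups, keyed by key ARN.
SAMPLE_KMS_KEYS: dict[str, dict[str, Any]] = {
    KEY_AWS_MANAGED: {"KeyManager": "AWS", "KeyState": "Enabled"},
    KEY_CUSTOMER: {"KeyManager": "CUSTOMER", "KeyState": "Enabled"},
    KEY_CUSTOMER_DISABLED: {"KeyManager": "CUSTOMER", "KeyState": "Disabled"},
}


def classify_encryption(table: dict[str, Any],
                        kms_keys: dict[str, dict[str, Any]]) -> dict[str, Any]:
    """Report which key type protects a table and whether its data is readable.

    Every LSI/GSI is encrypted under the table's key, so the finding counts them
    as covered rather than looking for a (non-existent) per-index setting.
    """
    index_count = (len(table.get("GlobalSecondaryIndexes", []))
                   + len(table.get("LocalSecondaryIndexes", [])))
    finding: dict[str, Any] = {"table": table["TableName"], "encrypted": True,
                               "accessible": True, "indexes_covered": index_count,
                               "kms_key_arn": None}
    sse = table.get("SSEDescription")
    if sse is None:                       # default AWS owned key
        finding["key_type"] = "AWS_OWNED"
        return finding
    arn = sse.get("KMSMasterKeyArn")
    finding["kms_key_arn"] = arn
    meta = kms_keys.get(arn, {})
    finding["key_type"] = {"AWS": "AWS_MANAGED",
                           "CUSTOMER": "CUSTOMER_MANAGED"}.get(meta.get("KeyManager"), "UNKNOWN")
    # DynamoDB stamps InaccessibleEncryptionDateTime once it can no longer use the
    # key (disabled, deleted, grant revoked). The data stays encrypted but the
    # application can no longer read it, which is a key-management failure.
    if "InaccessibleEncryptionDateTime" in sse or meta.get("KeyState") != "Enabled":
        finding["accessible"] = False
    return finding


def build_sse_update(table_name: str, kms_key_id: str) -> dict[str, Any]:
    """UpdateTable parameters that move a table onto a customer managed key.

    CLI equivalent:
      aws dynamodb update-table --table-name T \
          --sse-specification Enabled=true,SSEType=KMS,KMSMasterKeyId=alias/my-key
    No index is named because the new key applies to the table and all its indexes.
    """
    return {"TableName": table_name,
            "SSESpecification": {"Enabled": True, "SSEType": "KMS",
                                 "KMSMasterKeyId": kms_key_id}}


def meets_requirement(finding: dict[str, Any], require_customer_managed: bool = False) -> bool:
    """'All data encrypted at rest' holds for every key type; a stricter policy may
    additionally demand a customer managed key. Unreadable tables always fail."""
    if not finding["encrypted"] or not finding["accessible"]:
        return False
    return not require_customer_managed or finding["key_type"] == "CUSTOMER_MANAGED"


def audit(tables: list[dict[str, Any]], kms_keys: dict[str, dict[str, Any]],
          require_customer_managed: bool = False) -> dict[str, bool]:
    """Map each table name to whether it satisfies the chosen policy."""
    return {t["TableName"]: meets_requirement(classify_encryption(t, kms_keys),
                                              require_customer_managed) for t in tables}


if __name__ == "__main__":
    for t in SAMPLE_TABLES:
        f = classify_encryption(t, SAMPLE_KMS_KEYS)
        print(f"{f['table']:22} {f['key_type']:17} accessible={f['accessible']} "
              f"indexes_covered={f['indexes_covered']}")
    print(build_sse_update("orders-default", "alias/orders-data-key"))
```

Run against the samples, all four tables report as encrypted under some key with no work done on the default one, which is the point of the question; only the table whose customer managed key was disabled fails, and it fails because the application can no longer read it, not because anything is unencrypted. The build_sse_update output is what you would pass to boto3's update_table if a stricter policy demanded a customer managed key.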