Description

Some AWS DyanmoDB instances are not encrypted or use the default KMS encryption which do not use a Customer Managed Key (CMK)

Impact

Obtain critical information from the databases in plaintext

Recommendation

Enable the DynamoDB encryption for all their instances using a custom KMS key

Threat

Authenticated attacker from the Internet with access to the Database

Expected Remediation Time

⏱️ 20 minutes.

Details

https://docs.bridgecrew.io/docs/ensure-that-dynamodb-tables-are-encrypted

Requirements

Fixes