Your Amazon DynamoDB containing sensitive data might be leaked or manipulated if there are no measures taken to ensure that it is secure. It can further hamper your day-to-day database query related operations. It is important for users to realize the importance of securing their DynamoDB tables.
Enabling Amazon DynamoDB Server Side Encryption (SSE)
Data traffic of tables over multiple servers is automatically managed by AWS DynamoDB without compromising on the performance. It also operates and scales distributed database automatically for users. AWS provisions the users to enable SSE (server-side encryption) in order to take measures for data security.
When server-side encryption is used, data is encrypted before getting saved in the database and gets decrypted when the data is retrieved from the database. Server-side encryption uses multi-factor encryption and encrypts each data object with a unique key. AWS DynamoDB encryption at rest helps you secure your application data in DynamoDB tables for further use.
Centilytics provides a useful insight for your DynamoDB tables to help you maintain the security aspect. This insight lists down all your Amazon DynamoDB tables which do not have Server Side Encryption (SSE) enabled.
There can be two possible scenarios:
|OK||This indication will be displayed when SSE is enabled.|
|CRITICAL||This indication will be displayed when SSE is disabled.|
Description of further columns are as follows:
- Account Id: This column shows the respective account ID of the user.
- Account Name: This column shows the corresponding account name.
- Region: This column shows the region in which the resource exists.
- Table Name: This column shows the name of the table.
- Table Id: This column shows the unique table Id of your corresponding DynamoDB table.
- Identifier: This column shows the unique ARN or the Amazon Resource Number of your resource which is composed of various parameters to uniquely identify your different resources in AWS.
|Account Id||Applying the account Id filter will display data for the selected account Id.|
|Region||Applying the region filter will display data corresponding to the selected region|
|Severity||Applying severity filter will display public snapshots according to the selected severity type i.e. selecting critical will display all resources with critical severity. Same will be the case for Warning and Ok severity types.|
|Resource Tags||Applying resource tags filter will display those resources which have been assigned the selected resource tag. For e.g., A user has tagged some public snapshots by a resource tag named environment. Then selecting an environment from the resource tags filter will display all those resources tagged by the tag name environment.|
|Resource Tags Value||Applying resource tags value filter will display data which will have the selected resource tag value. For e.g. – Let’s say a user has tagged some resource by a tag named environment and has a value say production (environment: production). Hence, the user can view data of all the resources which have “environment:production” tag assigned. The user can use the tag value filter only when a tag name has been provided.|
|Compliance Name||Reference No.||Link|
|ISO 27001||A.18.1.3, A.18.1.5||https://www.iso.org/standard/54534.html|