Posted On: Sep 12, 2018

Encryption at rest helps enhance the security of your Amazon DynamoDB data by encrypting your data at rest using the service-default AWS Key Management Service key. Encryption at rest greatly reduces the operational burden and complexity involved in protecting sensitive data.

Encryption at rest is provided at no additional cost, and you pay the same low storage price you are already paying today. The encryption delivers the same single-digit millisecond latency that customers have come to expect from DynamoDB and is fully transparent with all DynamoDB queries working seamlessly on the encrypted data. With this capability, it has never been easier to use DynamoDB for security-sensitive applications with strict encryption compliance and regulatory requirements.

DynamoDB encryption at rest is now available in 16 AWS Regions: US East (N. Virginia), US East (Ohio), US West (N. California), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Seoul), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Osaka-Local), Canada (Central), EU (Frankfurt), EU (Ireland), EU (London), EU (Paris), and South America (Sao Paulo).

You can enable encryption at rest by using the AWS Management Console, AWS Command Line Interface (AWS CLI), or DynamoDB API. For more information, see Enabling Encryption at Rest.