Posted On: Mar 29, 2019

Amazon DynamoDB is a fully managed, nonrelational database that delivers reliable performance at any scale. Because of the flexible DynamoDB data model, enterprise-ready features, and industry-leading service level agreement, customers are increasingly moving sensitive workloads to DynamoDB such as financial and healthcare data, whose compliance regulations mandate data encryption. DynamoDB encryption at rest is now available in the AWS GovCloud (US) Regions.

DynamoDB has encrypted all existing tables that were previously unencrypted by using a default AWS owned customer master key (CMK). When creating a new table, you can now use either the default AWS owned CMK or an AWS managed CMK.

You do not have to make any code or application modifications to encrypt your data or switch encryption keys between the AWS owned CMK and AWS managed CMK. Encryption at rest using the AWS owned CMK is provided at no additional charge. DynamoDB handles the encryption and decryption of your data transparently and continues to deliver single-digit millisecond latency.

For more information about encryption at rest, see Amazon DynamoDB Encryption at Rest.