github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/dynamodb/AVD-AWS-0025/Terraform.md

github.com/khulnasoft-lab/defsec@v1.0.5-0.20230827010352-5e9f46893d95/avd_docs/aws/dynamodb/AVD-AWS-0025/Terraform.md (about)

     1  
     2  Enable server side encryption with a customer managed key
     3  
     4  ```hcl
     5   resource "aws_kms_key" "dynamo_db_kms" {
     6   	enable_key_rotation = true
     7   }
     8   
     9   resource "aws_dynamodb_table" "good_example" {
    10   	name             = "example"
    11   	hash_key         = "TestTableHashKey"
    12   	billing_mode     = "PAY_PER_REQUEST"
    13   	stream_enabled   = true
    14   	stream_view_type = "NEW_AND_OLD_IMAGES"
    15     
    16   	attribute {
    17   	  name = "TestTableHashKey"
    18   	  type = "S"
    19   	}
    20     
    21   	replica {
    22   	  region_name = "us-east-2"
    23   	}
    24     
    25   	replica {
    26   	  region_name = "us-west-2"
    27   	}
    28   
    29   	server_side_encryption {
    30   		enabled     = true
    31   		kms_key_arn = aws_kms_key.dynamo_db_kms.key_id
    32   	}
    33     }
    34   
    35  ```
    36  
    37  #### Remediation Links
    38   - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dynamodb_table#server_side_encryption
    39