aws-cdk-lib.aws_dynamodb.TableEncryption

enum TableEncryption

LanguageType name
.NETAmazon.CDK.AWS.DynamoDB.TableEncryption
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsdynamodb#TableEncryption
Javasoftware.amazon.awscdk.services.dynamodb.TableEncryption
Pythonaws_cdk.aws_dynamodb.TableEncryption
TypeScript (source)aws-cdk-lib » aws_dynamodb » TableEncryption

What kind of server-side encryption to apply to this table.

Example

const table = new dynamodb.Table(this, 'MyTable', {
  partitionKey: { name: 'id', type: dynamodb.AttributeType.STRING },
  encryption: dynamodb.TableEncryption.CUSTOMER_MANAGED,
});

// You can access the CMK that was added to the stack on your behalf by the Table construct via:
const tableEncryptionKey = table.encryptionKey;

Members

NameDescription
DEFAULTServer-side KMS encryption with a master key owned by AWS.
CUSTOMER_MANAGEDServer-side KMS encryption with a customer master key managed by customer.
AWS_MANAGEDServer-side KMS encryption with a master key managed by AWS.

DEFAULT

Server-side KMS encryption with a master key owned by AWS.


CUSTOMER_MANAGED

Server-side KMS encryption with a customer master key managed by customer.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

NOTE: if encryptionKey is not specified and the Table construct creates a KMS key for you, the key will be created with default permissions. If you are using CDKv2, these permissions will be sufficient to enable the key for use with DynamoDB tables. If you are using CDKv1, make sure the feature flag @aws-cdk/aws-kms:defaultKeyPolicies is set to true in your cdk.json.


AWS_MANAGED

Server-side KMS encryption with a master key managed by AWS.