
# How to resolve Sprinto check for encrypting DynamoDB

### About

Sprinto Check: AWS DynamoDB should be encrypted

Encrypting data stored in Amazon DynamoDB is a fundamental practice to enhance security and meet encryption compliance and regulatory requirements. DynamoDB encryption at rest adds a layer of protection to your data by encrypting it using encryption keys stored in AWS Key Management Service (AWS KMS). This article explains how to implement DynamoDB encryption at rest and introduces the DynamoDB Encryption Client for client-side encryption.

### Purpose

The purpose of the Sprinto check for DynamoDB Encryption is to ensure that all user data stored in DynamoDB is fully encrypted at rest and, optionally, in transit. This implementation helps you:

* Data Security: Enhance the security of your data in DynamoDB by encrypting it at rest using AWS KMS.
* Compliance Requirements: Fulfill encryption compliance and regulatory requirements imposed by organizational policies or industry standards.
* End-to-End Protection: Optionally utilize client-side encryption for end-to-end data protection from its source to storage in DynamoDB.
* Sprinto Check Passing: Update the Sprinto check status to "Passing" after implementing the recommended encryption measures.

### Things to remember about DynamoDB encryption

* All DynamoDB tables are encrypted by default under an AWS-owned customer master key (CMK) in the DynamoDB service account.
* No option exists to turn on or off encryption for new or existing tables.
* DynamoDB encryption at rest integrates with AWS KMS for managing encryption keys.
* When creating a new table, you choose which customer master key (CMK) encrypts it: an AWS-owned, AWS-managed, or customer-managed CMK.
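
To see which of the three key types each existing table uses, the following added example (not part of the original article and not Sprinto's own check logic) classifies `DescribeTable` output. The function names and sample data are hypothetical, and `audit()` assumes boto3 with read-only credentials for DynamoDB and KMS.

```python
# Added example: classify DynamoDB tables by the KMS key type that encrypts them.
# Function names and sample data are hypothetical; boto3 is needed only for audit().

def classify_table(table, key_manager_of):
    """Map a DescribeTable 'Table' dict to AWS_OWNED / AWS_MANAGED / CUSTOMER_MANAGED.

    key_manager_of: callable(key_arn) -> KMS KeyManager value ('AWS' or 'CUSTOMER').
    """
    sse = table.get("SSEDescription")
    if not sse:
        # Assumption: DescribeTable returns no SSEDescription for the default AWS-owned key.
        return {"table": table["TableName"], "key_type": "AWS_OWNED",
                "key_arn": None, "status": None}
    arn = sse.get("KMSMasterKeyArn")
    manager = key_manager_of(arn) if arn else None
    key_type = {"AWS": "AWS_MANAGED", "CUSTOMER": "CUSTOMER_MANAGED"}.get(manager, "UNKNOWN")
    return {"table": table["TableName"], "key_type": key_type,
            "key_arn": arn, "status": sse.get("Status")}

def audit(region=None):
    """Classify every table in one region of a live account (read-only API calls)."""
    import boto3  # imported lazily so classify_table also works offline
    ddb = boto3.client("dynamodb", region_name=region)
    kms = boto3.client("kms", region_name=region)
    cache = {}
    def key_manager_of(arn):
        if arn not in cache:  # one DescribeKey call per distinct key
            cache[arn] = kms.describe_key(KeyId=arn)["KeyMetadata"]["KeyManager"]
        return cache[arn]
    rows = []
    for page in ddb.get_paginator("list_tables").paginate():
        for name in page["TableNames"]:
            table = ddb.describe_table(TableName=name)["Table"]
            rows.append(classify_table(table, key_manager_of))
    return rows

# Constructed sample data (not real tables or keys).
ARN_PREFIX = "arn:aws:kms:us-east-1:111122223333:key/"
SAMPLE_TABLES = [
    {"TableName": "orders"},
    {"TableName": "sessions", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": ARN_PREFIX + "EXAMPLE-1"}},
    {"TableName": "payments", "SSEDescription": {
        "Status": "ENABLED", "SSEType": "KMS", "KMSMasterKeyArn": ARN_PREFIX + "EXAMPLE-2"}},
]
SAMPLE_KEY_MANAGERS = {ARN_PREFIX + "EXAMPLE-1": "AWS", ARN_PREFIX + "EXAMPLE-2": "CUSTOMER"}

def demo():
    """Run the classifier over the constructed samples, no AWS access needed."""
    return [classify_table(t, SAMPLE_KEY_MANAGERS.get) for t in SAMPLE_TABLES]
```

A table reported as `UNKNOWN` means the key's manager could not be resolved and should be reviewed by hand.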

#### Optional: Client-Side Encryption Implementation

DynamoDB Encryption Client:

* AWS provides the Amazon DynamoDB Encryption Client for client-side encryption.
* This library enables you to protect your table data before submitting it to DynamoDB.
* Use the DynamoDB Encryption Client along with encryption at rest for comprehensive data protection.

For additional assistance or queries, please get in touch with Sprinto Support. We're here to assist you in implementing DynamoDB encryption for enhanced data security.


