TableEncryption
- class aws_cdk.aws_dynamodb.TableEncryption(value)
Bases:
Enum
What kind of server-side encryption to apply to this table.
- ExampleMetadata:
infused
Example:
table = dynamodb.Table(self, "MyTable", partition_key=dynamodb.Attribute(name="id", type=dynamodb.AttributeType.STRING), encryption=dynamodb.TableEncryption.CUSTOMER_MANAGED ) # You can access the CMK that was added to the stack on your behalf by the Table construct via: table_encryption_key = table.encryption_key
Attributes
- AWS_MANAGED
Server-side KMS encryption with a master key managed by AWS.
- CUSTOMER_MANAGED
Server-side KMS encryption with a customer master key managed by customer.
If
encryptionKey
is specified, this key will be used, otherwise, one will be defined. .. epigraph:**NOTE**: if ``encryptionKey`` is not specified and the ``Table`` construct creates a KMS key for you, the key will be created with default permissions. If you are using CDKv2, these permissions will be sufficient to enable the key for use with DynamoDB tables. If you are using CDKv1, make sure the feature flag ``@aws-cdk/aws-kms:defaultKeyPolicies`` is set to ``true`` in your ``cdk.json``.
- DEFAULT
Server-side KMS encryption with a master key owned by AWS.