TableEncryptionV2

class aws_cdk.aws_dynamodb.TableEncryptionV2(*args: Any, **kwargs)

Bases: object

Represents server-side encryption for a DynamoDB table.

ExampleMetadata:

infused

Example:

import aws_cdk as cdk
import aws_cdk.aws_kms as kms


app = cdk.App()
stack = cdk.Stack(app, "Stack", env=cdk.Environment(region="us-west-2"))

table_key = kms.Key(stack, "Key")
replica_key_arns = {
    "us-east-1": "arn:aws:kms:us-east-1:123456789012:key/g24efbna-az9b-42ro-m3bp-cq249l94fca6",
    "us-east-2": "arn:aws:kms:us-east-2:123456789012:key/h90bkasj-bs1j-92wp-s2ka-bh857d60bkj8"
}

global_table = dynamodb.TableV2(stack, "GlobalTable",
    partition_key=dynamodb.Attribute(name="pk", type=dynamodb.AttributeType.STRING),
    encryption=dynamodb.TableEncryptionV2.customer_managed_key(table_key, replica_key_arns),
    replicas=[dynamodb.ReplicaTableProps(region="us-east-1"), dynamodb.ReplicaTableProps(region="us-east-2")
    ]
)

Attributes

replica_key_arns
table_key
type

Static Methods

classmethod aws_managed_key()

Configure server-side encryption using an AWS managed key.

Return type:

TableEncryptionV2

classmethod customer_managed_key(table_key, replica_key_arns=None)

Configure server-side encryption using customer managed keys.

Parameters:
  • table_key (IKey) – the KMS key for the primary table.

  • replica_key_arns (Optional[Mapping[str, str]]) – an object containing the ARN of the KMS key to use for each replica table.

Return type:

TableEncryptionV2

classmethod dynamo_owned_key()

Configure server-side encryption using a DynamoDB owned key.

Return type:

TableEncryptionV2