Posted On: Sep 6, 2019
Amazon DynamoDB is a fully managed, nonrelational database that delivers reliable performance at any scale. Because of the flexible DynamoDB data model, enterprise-ready features, and industry-leading service level agreement, customers are increasingly moving sensitive workloads to DynamoDB such as financial and healthcare data. DynamoDB encryption at rest is now available in the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.
DynamoDB has encrypted all existing tables that were previously unencrypted by using a default Amazon Web Services owned customer master key (CMK). When creating a new table, you can now use either the default Amazon Web Services owned CMK or an Amazon Web Services managed CMK. You do not have to make any code or application modifications to encrypt your data or switch encryption keys between the Amazon Web Services owned CMK and Amazon Web Services managed CMK.
Encryption at rest using the Amazon Web Services owned CMK is provided at no additional charge. However, Amazon KMS charges apply for Amazon Web Services managed CMK. DynamoDB handles the encryption and decryption of your data transparently and continues to deliver single-digit millisecond latency.
For more information about encryption at rest, see DynamoDB Encryption at Rest.