Posted On: Sep 6, 2019

Amazon DynamoDB is a fully managed, nonrelational database that delivers reliable performance at any scale. Because of the flexible DynamoDB data model, enterprise-ready features, and industry-leading service level agreement, customers are increasingly moving sensitive workloads to DynamoDB such as financial and healthcare data. DynamoDB encryption at rest is now available in the AWS China (Beijing) Region, operated by Sinnet, and the AWS China (Ningxia) Region, operated by NWCD. 

DynamoDB has encrypted all existing tables that were previously unencrypted by using a default AWS owned customer master key (CMK). When creating a new table, you can now use either the default AWS owned CMK or an AWS managed CMK. You do not have to make any code or application modifications to encrypt your data or switch encryption keys between the AWS owned CMK and AWS managed CMK.  

Encryption at rest using the AWS owned CMK is provided at no additional charge. However, AWS KMS charges apply for AWS managed CMK. DynamoDB handles the encryption and decryption of your data transparently and continues to deliver single-digit millisecond latency. 

For more information about encryption at rest, see DynamoDB Encryption at Rest.