Check if DynamoDB table has encryption at rest enabled using CMK KMS.
dynamodb_tables_kms_cmk_encryption_enabled
Check if DynamoDB table has encryption at rest enabled using CMK KMS.
Risk
All user data stored in Amazon DynamoDB is fully encrypted at rest. This functionality helps reduce the operational burden and complexity involved in protecting sensitive data.
Run this check with Prowler CLI
prowler aws --checks dynamodb_tables_kms_cmk_encryption_enabled
ARN template
arn:partition:dynamodb:region:account-id:table/resource-id
Remediation
https://docs.prowler.com/checks/aws/general-policies/ensure-that-dynamodb-tables-are-encrypted#terraform
Specify an encryption key when you create a new table or switch the encryption keys on an existing table by using the AWS Management Console.
Source Code
Resource Type
AwsDynamoDbTable