https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-dynamodb.Table.html#encryption
The documentation for the DynamoDB Table class says that by default, server-side encryption is enabled with an AWS owned customer master key. I was extending this class to set some common props my team always uses when I noticed that if props.encryption is undefined, no encryption is set.
export class DynamoDBTable extends Table {
constructor(scope: Construct, id: string, props: TableProps) {
super(scope,id,props)
}
}Synthing this would yield a template like this:
{
"Resources": {
"TableCD117FA1": {
"DeletionPolicy": "Retain",
"Properties": {
"AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}],
"KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}],
"ProvisionedThroughput": {"ReadCapacityUnits": 5, "WriteCapacityUnits": 5}
},
"Type": "AWS::DynamoDB::Table",
"UpdateReplacePolicy": "Retain"
}
}
}I was expecting to see SSESpecification specified in the Properties for the Table resource but I'm not seeing any encryption related properties set at all.
Should the docs be updated to reflect that by default, no encryption is done?
This was done using version 1.121.0 of @aws-cdk/aws-dynamodb
It's also possible I'm just misunderstanding something. In which case I'd be happy to admit I'm an idiot.
This is a 📕 documentation issue
https://docs.aws.amazon.com/cdk/api/latest/docs/@aws-cdk_aws-dynamodb.Table.html#encryption
The documentation for the DynamoDB
Tableclass says that by default, server-side encryption is enabled with an AWS owned customer master key. I was extending this class to set some common props my team always uses when I noticed that ifprops.encryptionisundefined, no encryption is set.Synthing this would yield a template like this:
{ "Resources": { "TableCD117FA1": { "DeletionPolicy": "Retain", "Properties": { "AttributeDefinitions": [{"AttributeName": "id", "AttributeType": "S"}], "KeySchema": [{"AttributeName": "id", "KeyType": "HASH"}], "ProvisionedThroughput": {"ReadCapacityUnits": 5, "WriteCapacityUnits": 5} }, "Type": "AWS::DynamoDB::Table", "UpdateReplacePolicy": "Retain" } } }I was expecting to see
SSESpecificationspecified in the Properties for the Table resource but I'm not seeing any encryption related properties set at all.Should the docs be updated to reflect that by default, no encryption is done?
This was done using version
1.121.0of@aws-cdk/aws-dynamodbIt's also possible I'm just misunderstanding something. In which case I'd be happy to admit I'm an idiot.
This is a 📕 documentation issue