Skip to content

4.2

Jump to bottom
Paul Duvall edited this page Nov 12, 2019 · 46 revisions

4.2 Encryption at Rest with DynamoDB

Review and ensure that you have setup your development environment before going through the steps below.

Create an EBS Volume

mkdir ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-4-ebs.yml

Copy the contents below into the file and save it.

AWSTemplateFormatVersion: "2010-09-09"

Description: cfn_nag demo template

Resources:
  EBSVolume:    
    Type: "AWS::EC2::Volume"
    Properties:
      Encrypted: true
      AvailabilityZone: us-east-1a
      Size: 100

Create a DynamoDB Table

mkdir ~/environment/ceoa
cd ~/environment/ceoa
touch ceoa-4-ddb.yml

Copy the contents below into the file and save it.

AWSTemplateFormatVersion: "2010-09-09"
Resources: 
  myDynamoDBTable: 
    Type: AWS::DynamoDB::Table
    Properties: 
      SSESpecification:
        SSEEnabled: true
      AttributeDefinitions: 
        - 
          AttributeName: "Album"
          AttributeType: "S"
        - 
          AttributeName: "Artist"
          AttributeType: "S"
        - 
          AttributeName: "Sales"
          AttributeType: "N"
        - 
          AttributeName: "NumberOfSongs"
          AttributeType: "N"
      KeySchema: 
        - 
          AttributeName: "Album"
          KeyType: "HASH"
        - 
          AttributeName: "Artist"
          KeyType: "RANGE"
      ProvisionedThroughput: 
        ReadCapacityUnits: "5"
        WriteCapacityUnits: "5"
      TableName:
        Ref: AWS::StackName
      GlobalSecondaryIndexes: 
        - 
          IndexName: "myGSI"
          KeySchema: 
            - 
              AttributeName: "Sales"
              KeyType: "HASH"
            - 
              AttributeName: "Artist"
              KeyType: "RANGE"
          Projection: 
            NonKeyAttributes: 
              - "Album"
              - "NumberOfSongs"
            ProjectionType: "INCLUDE"
          ProvisionedThroughput: 
            ReadCapacityUnits: "5"
            WriteCapacityUnits: "5"
        - 
          IndexName: "myGSI2"
          KeySchema: 
            - 
              AttributeName: "NumberOfSongs"
              KeyType: "HASH"
            - 
              AttributeName: "Sales"
              KeyType: "RANGE"
          Projection: 
            NonKeyAttributes: 
              - "Album"
              - "Artist"
            ProjectionType: "INCLUDE"
          ProvisionedThroughput: 
            ReadCapacityUnits: "5"
            WriteCapacityUnits: "5"
      LocalSecondaryIndexes: 
        - 
          IndexName: "myLSI"
          KeySchema: 
            - 
              AttributeName: "Album"
              KeyType: "HASH"
            - 
              AttributeName: "Sales"
              KeyType: "RANGE"
          Projection: 
            NonKeyAttributes: 
              - "Artist"
              - "NumberOfSongs"
            ProjectionType: "INCLUDE"

Clone this wiki locally