diff --git a/packages/dynamodb-data-mapper/src/DataMapper.spec.ts b/packages/dynamodb-data-mapper/src/DataMapper.spec.ts
index 686cc6b6..6b078c55 100644
--- a/packages/dynamodb-data-mapper/src/DataMapper.spec.ts
+++ b/packages/dynamodb-data-mapper/src/DataMapper.spec.ts
@@ -817,7 +817,8 @@ describe('DataMapper', () => {
 ReadCapacityUnits: 5,
 WriteCapacityUnits: 5,
 },
- StreamSpecification: { StreamEnabled: false }
+ StreamSpecification: { StreamEnabled: false },
+ SSESpecification: { Enabled: false },
 },
 ]
 ]);
@@ -876,6 +877,47 @@ describe('DataMapper', () => {
 StreamEnabled: true,
 StreamViewType: 'NEW_AND_OLD_IMAGES'
 },
+ SSESpecification: { Enabled: false },
+ },
+ ]
+ ]);
+ });
+
+ it('should allow enabling sse using kms', async () => {
+ await mapper.createTable(Item, {
+ readCapacityUnits: 5,
+ writeCapacityUnits: 5,
+ sseSpecification: {
+ enabled: true,
+ sseType: 'KMS',
+ },
+ });
+
+ expect(mockDynamoDbClient.createTable.mock.calls).toEqual([
+ [
+ {
+ TableName: 'foo',
+ AttributeDefinitions: [
+ {
+ AttributeName: 'id',
+ AttributeType: 'S'
+ }
+ ],
+ KeySchema: [
+ {
+ AttributeName: 'id',
+ KeyType: 'HASH',
+ }
+ ],
+ ProvisionedThroughput: {
+ ReadCapacityUnits: 5,
+ WriteCapacityUnits: 5,
+ },
+ StreamSpecification: { StreamEnabled: false },
+ SSESpecification: {
+ Enabled: true,
+ SSEType: 'KMS',
+ },
 },
 ]
 ]);
@@ -1068,6 +1110,7 @@ describe('DataMapper', () => {
 WriteCapacityUnits: 5,
 },
 StreamSpecification: { StreamEnabled: false },
+ SSESpecification: { Enabled: false },
 TableName: 'foo',
 },
 ],
diff --git a/packages/dynamodb-data-mapper/src/DataMapper.ts b/packages/dynamodb-data-mapper/src/DataMapper.ts
index e91a0ba3..6a00fb45 100644
--- a/packages/dynamodb-data-mapper/src/DataMapper.ts
+++ b/packages/dynamodb-data-mapper/src/DataMapper.ts
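Review bot: The new case 'should allow enabling sse using kms' never passes `kmsMasterKeyId`, so the mapping to `KMSMasterKeyId` that this commit adds in DataMapper.ts is not asserted by any test visible here. Assuming this is Jest's `toEqual`, properties whose value is `undefined` are ignored, so the expectation also passes while the actual request carries `KMSMasterKeyId: undefined`. A second case that sets `kmsMasterKeyId: 'alias/example-key'` (constructed sample value) and expects `KMSMasterKeyId: 'alias/example-key'` inside `SSESpecification` would cover the customer-managed-key path.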
@@ -280,6 +280,7 @@ export class DataMapper {
 streamViewType = 'NONE',
 writeCapacityUnits,
 indexOptions = {},
+ sseSpecification = { enabled: false },
 }: CreateTableOptions
 ) {
 const schema = getSchema(valueConstructor.prototype);
@@ -300,6 +301,13 @@ export class DataMapper {
 StreamSpecification: streamViewType === 'NONE'
 ? { StreamEnabled: false }
 : { StreamEnabled: true, StreamViewType: streamViewType },
+ SSESpecification: sseSpecification.enabled
+ ? {
+ Enabled: true,
+ SSEType: sseSpecification.sseType,
+ KMSMasterKeyId: sseSpecification.kmsMasterKeyId,
+ }
+ : { Enabled: false },
 }).promise();
 
 if (TableStatus !== 'ACTIVE') {
diff --git a/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts b/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts
index be7749e8..b89b7089 100644
--- a/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts
+++ b/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts
@@ -4,8 +4,22 @@ import { PerIndexOptions } from './SecondaryIndexOptions';
 export interface CreateTableOptions extends ProvisionedThroughput {
 streamViewType?: StreamViewType;
 indexOptions?: PerIndexOptions;
+ sseSpecification?: SseSpecification;
 }
 
+export interface SseSpecification {
+ enabled: boolean;
+ sseType?: SseType;
+ kmsMasterKeyId?: string;
+}
+
+/**
+ * Server-side encryption type:
+ * AES256 - Server-side encryption which uses the AES256 algorithm (not applicable).
+ * KMS - Server-side encryption which uses AWS Key Management Service.
+ */
+export type SseType = 'AES256' | 'KMS'
+
 export type StreamViewType =
 'NEW_IMAGE' |
 'OLD_IMAGE' |
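Review bot: A `kmsMasterKeyId` (or `sseType`) passed together with `enabled: false` is discarded by the `SSESpecification` ternary in the `-300,6 +301,13` hunk without any error, so the table is created with the service's default encryption while the caller's options still name a customer-managed key; the `SseSpecification` interface added in CreateTableOptions.ts permits that combination. A guard before the request is built would surface the misconfiguration: `if (!sseSpecification.enabled && sseSpecification.kmsMasterKeyId !== undefined) throw new Error('kmsMasterKeyId requires sseSpecification.enabled to be true');`. Separately, the `{ enabled: false }` default from the previous hunk makes every createTable request carry `SSESpecification`, including requests from callers that never set the option; omitting the member when the option is absent would leave existing requests unchanged. The body of createTable starts and ends outside this hunk.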
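Review bot: `SseType` in CreateTableOptions.ts admits `'AES256'` even though the doc comment directly above it marks that value as not applicable, so the compiler accepts an option that createTable forwards as `SSEType` and that the service will presumably reject at request time. Narrowing the alias to `export type SseType = 'KMS';` (which also adds the missing semicolon) moves that failure to compile time. The fields of `SseSpecification` are undocumented; a TSDoc line on `kmsMasterKeyId` stating which key identifier forms are accepted and which key is used when it is omitted would tell callers what protection they actually get.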