diff --git a/packages/dynamodb-data-mapper/src/DataMapper.spec.ts b/packages/dynamodb-data-mapper/src/DataMapper.spec.ts
index 8510a5e8..7877223e 100644
--- a/packages/dynamodb-data-mapper/src/DataMapper.spec.ts
+++ b/packages/dynamodb-data-mapper/src/DataMapper.spec.ts
@@ -824,7 +824,8 @@ describe('DataMapper', () => {
 ReadCapacityUnits: 5,
 WriteCapacityUnits: 5,
 },
- StreamSpecification: { StreamEnabled: false }
+ StreamSpecification: { StreamEnabled: false },
+ SSESpecification: { Enabled: false },
 },
 ]
 ]);
@@ -883,6 +884,7 @@ describe('DataMapper', () => {
 StreamEnabled: true,
 StreamViewType: 'NEW_AND_OLD_IMAGES'
 },
+ SSESpecification: { Enabled: false },
 },
 ]
 ]);
@@ -911,6 +913,46 @@ describe('DataMapper', () => {
 ],
 BillingMode: 'PAY_PER_REQUEST',
 StreamSpecification: { StreamEnabled: false },
+ SSESpecification: { Enabled: false },
+ },
+ ]
+ ]);
+ });
+
+ it('should allow enabling sse using AWS managed CMK', async () => {
+ await mapper.createTable(Item, {
+ readCapacityUnits: 5,
+ writeCapacityUnits: 5,
+ sseSpecification: {
+ sseType: 'KMS',
+ },
+ });
+
+ expect(mockDynamoDbClient.createTable.mock.calls).toEqual([
+ [
+ {
+ TableName: 'foo',
+ AttributeDefinitions: [
+ {
+ AttributeName: 'id',
+ AttributeType: 'S'
+ }
+ ],
+ KeySchema: [
+ {
+ AttributeName: 'id',
+ KeyType: 'HASH',
+ }
+ ],
+ ProvisionedThroughput: {
+ ReadCapacityUnits: 5,
+ WriteCapacityUnits: 5,
+ },
+ StreamSpecification: { StreamEnabled: false },
+ SSESpecification: {
+ Enabled: true,
+ SSEType: 'KMS',
+ },
 },
 ]
 ]);
@@ -1103,6 +1145,7 @@ describe('DataMapper', () => {
 WriteCapacityUnits: 5,
 },
 StreamSpecification: { StreamEnabled: false },
+ SSESpecification: { Enabled: false },
 TableName: 'foo',
 },
 ],
@@ -1227,6 +1270,7 @@ describe('DataMapper', () => {
 ],
 BillingMode: 'PAY_PER_REQUEST',
 StreamSpecification: { StreamEnabled: false },
+ SSESpecification: { Enabled: false },
 TableName: 'foo',
 },
 ],
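Review bot: The new 'should allow enabling sse using AWS managed CMK' case is the only test that passes `sseSpecification`, so the `kmsMasterKeyId` to `KMSMasterKeyId` mapping added in DataMapper.ts is never asserted. Jest's `toEqual` also ignores properties whose value is `undefined`, so this expectation passes whether `KMSMasterKeyId` is left out of the request or sent as `undefined`. A second case with `sseSpecification: { sseType: 'KMS', kmsMasterKeyId: '<kms-key-id-placeholder>' }` that expects `KMSMasterKeyId: '<kms-key-id-placeholder>'` in the call would pin the customer-managed-key path. That is the path where a dropped or misnamed field would presumably leave the table on a different key than the caller asked for, without any error.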
diff --git a/packages/dynamodb-data-mapper/src/DataMapper.ts b/packages/dynamodb-data-mapper/src/DataMapper.ts
index 2cd58952..c4d9ad79 100644
--- a/packages/dynamodb-data-mapper/src/DataMapper.ts
+++ b/packages/dynamodb-data-mapper/src/DataMapper.ts
@@ -293,6 +293,7 @@ export class DataMapper {
 streamViewType = 'NONE',
 indexOptions = {},
 billingMode,
+ sseSpecification,
 } = options;
 
 const {
@@ -307,6 +308,13 @@ export class DataMapper {
 StreamSpecification: streamViewType === 'NONE'
 ? { StreamEnabled: false }
 : { StreamEnabled: true, StreamViewType: streamViewType },
+ SSESpecification: sseSpecification
+ ? {
+ Enabled: true,
+ SSEType: sseSpecification.sseType,
+ KMSMasterKeyId: sseSpecification.kmsMasterKeyId,
+ }
+ : { Enabled: false },
 }).promise();
 
 if (TableStatus !== 'ACTIVE') {
diff --git a/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts b/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts
index e063f5e0..d174090d 100644
--- a/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts
+++ b/packages/dynamodb-data-mapper/src/namedParameters/CreateTableOptions.ts
@@ -5,6 +5,12 @@ interface BaseCreateTableOptions {
 streamViewType?: StreamViewType;
 indexOptions?: PerIndexOptions;
 billingMode?: BillingMode;
+ sseSpecification?: SseSpecification;
+}
+
+export interface SseSpecification {
+ sseType: SseType;
+ kmsMasterKeyId?: string;
 }
 
 export interface ProvisionedCreateTableOptions extends ProvisionedThroughput, BaseCreateTableOptions {
@@ -19,6 +25,13 @@ export type CreateTableOptions = ProvisionedCreateTableOptions | OnDemandCreateT
 
 export type BillingMode = 'PROVISIONED' | 'PAY_PER_REQUEST';
 
+/**
+ * Server-side encryption type:
+ * AES256 - Server-side encryption which uses the AES256 algorithm (not applicable).
+ * KMS - Server-side encryption which uses AWS Key Management Service.
+ */
+export type SseType = 'AES256' | 'KMS';
+
 export type StreamViewType =
 'NEW_IMAGE' |
 'OLD_IMAGE' |
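Review bot: In the `SSESpecification` branch of the `createTable` request (second hunk of DataMapper.ts), `SSEType` and `KMSMasterKeyId` are forwarded unchecked, while the `SseType` union added in CreateTableOptions.ts admits `'AES256'` even though its own doc comment calls that value not applicable. A caller can therefore pass `sseType: 'AES256'`, with or without a key id, and get a request that type-checks here and fails, if at all, only at the service. Either narrow the union to `export type SseType = 'KMS';` or reject the unsupported value before the call. The else branch also now sends `SSESpecification: { Enabled: false }` for every existing caller. As far as the DynamoDB documentation goes, that selects the AWS owned key just as omitting the field does, so a comment such as `// Enabled: false keeps default encryption with an AWS owned key; it does not mean "unencrypted"` would prevent misreading; the enclosing method starts and ends outside the hunk.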
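Review bot: `SseSpecification` in CreateTableOptions.ts is exported with no doc comment, so the types do not tell a caller which key protects the table when `kmsMasterKeyId` is omitted. Suggest TSDoc on the interface and on each field, for example on `kmsMasterKeyId`: `/** KMS key to encrypt the table with (key ID, ARN, alias name or alias ARN); omit to use the AWS managed key for DynamoDB. */`. The `sseSpecification?` member of `BaseCreateTableOptions` should likewise say that leaving it unset keeps DynamoDB's default encryption with an AWS owned key, since the choice of key decides who can audit and revoke access to it.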