AWS Database Encryption SDK for Amazon DynamoDB In Preview
Written by Nikos Vaggalis   
Monday, 24 July 2023

AWS Database Encryption SDK is an upgrade to the existing Amazon DynamoDB Encryption Client, that enables attribute level encryption of DynamoDB workloads client-side.

DynamoDB has always had server-side encryption to ensure your data was encrypted at rest. This new SDK enables client- side encryption too, allowing you to protect the data in transit before it even leaves its origin. Previously, if you wanted client-side encryption you had to provision your own solution in your applications. With the SDK that's a thing of the past.

As far as Attribute-level encryption goes, this refers to the process of encrypting individual attributes or fields within a larger data structure or object. It allows for more granular control over the encryption of sensitive data, as different attributes can have different encryption keys and access policies. For example, in Amazon FinSpace, attribute sets are used to describe datasets, and attributes within these sets help capture additional business context for each dataset. This allows for better search results and metadata quality. Similarly, in Amazon GameLift's FlexMatch, player attributes can be declared within a rule set, which can then be used to pass information to the game session.

That aside, it also lets you easily search on encrypted attributes without decrypting the entire database beforehand. This lets you find the right information quickly while your data remains securely encrypted within the database.

Moreover,it has also been designed with multi-tenancy in mind, meaning that you can have multiple Key Management Service providers encrypting different parts of the same table as well as using KMS key policies to enforce clear separation between the authorized users who can access specific encrypted attributes and those who cannot.

The SDK is available for Java, and in order to use it, you must have:

  • A Java 8 or newer development environment.
  • Declare a Dependency on the DB-ESDK for DynamoDB in Java and it's dependencies, via Gradle or Maven.
  • the DynamoDB client from the AWS SDK for Java V2 and the AwsCryptographicMaterialProviders library.
  • An Amazon Web Services (AWS) account to use the DB-ESDK for DynamoDB as it's specifically designed to work with Amazon DynamoDB.

Optionally, you can use AWS Key Management Service (AWS KMS) as your main keyring provider.


More Information

AWS Database Encryption SDK for DynamoDB in Java
Announcing preview of the AWS Database Encryption SDK for Amazon DynamoDB

Related Articles 

AWS Lambda Adopts Python 3.10

AWS Lambda Adopts Java 17


To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.


Running PostgreSQL Inside Your Browser With PGLite

Thanks to WebAssembly we can now enjoy PostgreSQL inside the browser so that we can build reactive, realtime, local-first apps directly on Postgres. PGLite is about to make this even easier.

Falco On Track To Version 1.0.0

Falco is a cloud native runtime security tool for the Linux operating system, designed to detect abnormal behavior and warn of potential security threats in real-time. Now it's about to release its fi [ ... ]

More News

raspberry pi books



or email your comment to: