Query: dynamodb_table_encryption_type

with table_encryption_status as (
  select
    t.name as table_name,
    case
      when t.sse_description ->> 'SSEType' = 'KMS' and k.key_manager = 'AWS' then 'AWS Managed'
      when t.sse_description ->> 'SSEType' = 'KMS' and k.key_manager = 'CUSTOMER' then 'Customer Managed'
      else 'Default'
    end as encryption_type
  from
    aws_dynamodb_table as t
    left join aws_kms_key as k on t.sse_description ->> 'KMSMasterKeyArn' = k.arn
  where
    t.arn = $1
)
select
  encryption_type as value,
  'Encryption Type' as label
from
  table_encryption_status
  group by encryption_type;