turbot/aws_insights

Query: dynamodb_table_encryption_type

Usage

powerpipe query aws_insights.query.dynamodb_table_encryption_type

SQL

with table_encryption_status as (
select
t.name as table_name,
case
when t.sse_description ->> 'SSEType' = 'KMS'
and k.key_manager = 'AWS' then 'AWS Managed'
when t.sse_description ->> 'SSEType' = 'KMS'
and k.key_manager = 'CUSTOMER' then 'Customer Managed'
else 'Default'
end as encryption_type
from
aws_dynamodb_table as t
left join aws_kms_key as k on t.sse_description ->> 'KMSMasterKeyArn' = k.arn
where
t.arn = $1
)
select
encryption_type as value,
'Encryption Type' as label -- case when encryption_type is not null then 'ok' else 'alert' end as type
from
table_encryption_status
group by
encryption_type;

Dashboards

The query is used in the dashboards: