# dynamodb-table-encrypted-kms
<a name="dynamodb-table-encrypted-kms"></a>

Checks if Amazon DynamoDB table is encrypted with Amazon Key Management Service (KMS). The rule is NON\$1COMPLIANT if Amazon DynamoDB table is not encrypted with Amazon KMS. The rule is also NON\$1COMPLIANT if the encrypted Amazon KMS key is not present in `kmsKeyArns` input parameter.



**Identifier:** DYNAMODB\$1TABLE\$1ENCRYPTED\$1KMS

**Resource Types:** AWS::DynamoDB::Table

**Trigger type:** Configuration changes

**Amazon Web Services Region:** All supported Amazon regions

**Parameters:**

kmsKeyArns (Optional)Type: CSV  
Comma separated list of Amazon KMS key ARNs allowed for encrypting Amazon DynamoDB Tables

## Amazon CloudFormation template
<a name="w2aac20c16c17b7d507c19"></a>

To create Amazon Config managed rules with Amazon CloudFormation templates, see [Creating Amazon Config Managed Rules With Amazon CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).