# dynamodb-table-encrypted-kms
<a name="dynamodb-table-encrypted-kms"></a>

Checks if Amazon DynamoDB table is encrypted with AWS Key Management Service (KMS). The rule is NON\$1COMPLIANT if Amazon DynamoDB table is not encrypted with AWS KMS. The rule is also NON\$1COMPLIANT if the encrypted AWS KMS key is not present in `kmsKeyArns` input parameter.



**Identifier:** DYNAMODB\$1TABLE\$1ENCRYPTED\$1KMS

**Resource Types:** AWS::DynamoDB::Table

**Trigger type:** Configuration changes

**AWS Region:** All supported AWS regions

**Parameters:**

kmsKeyArns (Optional)Type: CSV  
Comma separated list of AWS KMS key ARNs allowed for encrypting Amazon DynamoDB Tables

## AWS CloudFormation template
<a name="w2aac20c16c17b7d501c19"></a>

To create AWS Config managed rules with AWS CloudFormation templates, see [Creating AWS Config Managed Rules With AWS CloudFormation Templates](aws-config-managed-rules-cloudformation-templates.md).