data redaction or mask in dynamodb

Question

Hello

How to put Redaction/Masking in place for all PII DB columns in DYNAMODB

when user query data based on role , PII data should be shown redacted/masked
do we have any tools to use for redaction/masking for dynamodb or any other approach
Could you let me know

Answer

While DynamoDB is designed to be encrypted-at-rest [1], there is currently no native feature in DynamoDB to mask/redact data.

Depending on your use case, you might want to look into fine-grained access control [2], which allows specifying conditions to determine how IAM policies take effect in DynamoDB.

Further, the following documentation on best practices for securing sensitive data may also be of use: [3]

[1]https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/EncryptionAtRest.html

[2]https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/specifying-conditions.html

[3]https://aws.amazon.com/blogs/database/applying-best-practices-for-securing-sensitive-data-in-amazon-dynamodb/

data redaction or mask in dynamodb

Conteúdo relevante