Status: IN
DynamoDB tables are encrypted at rest by default using an AWS-owned CMK at no extra charge; customer-managed KMS keys can optionally be specified via `--sse-specification`.
Source: entries/2026/03/11/amazondynamodb-latest-developerguide-getting-started-step-1html.md