{"id":"dynamodb-default-encryption-aws-owned-cmk","text":"DynamoDB tables are encrypted at rest by default using an AWS-owned CMK at no extra charge; customer-managed KMS keys can optionally be specified via `--sse-specification`.","truth_value":"IN","source":"entries/2026/03/11/amazondynamodb-latest-developerguide-getting-started-step-1html.md","source_url":"","source_hash":"eed13122388b9f71","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"dynamodb-default-encryption-aws-owned-cmk","truth_value":"IN","reason":"premise"}]}}