Status: IN
DynamoDB encryption at rest is always enabled and cannot be disabled; you can only choose between AWS owned key (free), AWS managed key, or customer managed key.
Source: entries/2026/03/11/amazondynamodb-latest-developerguide-EncryptionAtResthtml.md