Encrypted Table Resource

High-level helper class to provide a familiar interface to encrypted tables.

class dynamodb_encryption_sdk.encrypted.table.EncryptedTable(table: boto3.resources.base.ServiceResource, materials_provider: dynamodb_encryption_sdk.material_providers.CryptographicMaterialsProvider, table_info: Optional[dynamodb_encryption_sdk.structures.TableInfo] = None, attribute_actions: Optional[dynamodb_encryption_sdk.structures.AttributeActions] = None, auto_refresh_table_indexes: Optional[bool] = True)[source]

Bases: object

High-level helper class to provide a familiar interface to encrypted tables.

>>> import boto3
>>> from dynamodb_encryption_sdk.encrypted.table import EncryptedTable
>>> from dynamodb_encryption_sdk.material_providers.aws_kms import AwsKmsCryptographicMaterialsProvider
>>> table = boto3.resource('dynamodb').Table('my_table')
>>> aws_kms_cmp = AwsKmsCryptographicMaterialsProvider('alias/MyKmsAlias')
>>> encrypted_table = EncryptedTable(
...     table=table,
...     materials_provider=aws_kms_cmp
... )


This class provides a superset of the boto3 DynamoDB Table API, so should work as a drop-in replacement once configured.


If you want to provide per-request cryptographic details, the put_item, get_item, query, and scan methods will also accept a crypto_config parameter, defining a custom CryptoConfig instance for this request.


We do not currently support the update_item method.

  • table (boto3.resources.base.ServiceResource) – Pre-configured boto3 DynamoDB Table object

  • materials_provider (CryptographicMaterialsProvider) – Cryptographic materials provider to use

  • table_info (TableInfo) – Information about the target DynamoDB table

  • attribute_actions (AttributeActions) – Table-level configuration of how to encrypt/sign attributes

  • auto_refresh_table_indexes (bool) – Should we attempt to refresh information about table indexes? Requires dynamodb:DescribeTable permissions on each table. (default: True)


Update item is not yet supported.


Create a batch writer object.



overwrite_by_pkeys (list(string)) – De-duplicate request items in buffer if match new request item on specified primary keys. i.e ["partition_key1", "sort_key2", "sort_key3"]