Although it is available for a DynamoDB Accelerator (DAX) Cluster, AWS does not enforce Server Side Encryption (SSE) by default. Encryption at rest can help protect data that is stored within the cluster by using AWS Key Management Service (KMS), which integrates automatically when enabling the feature.
DynamoDB DAX cluster encryption can only be enabled at the time of creation using AWS KMS or using a customer managed key (CMK). To learn about creating a new cluster with encryption enabled, see the AWS documentation.
In Terraform -
References:
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAX.create-cluster.html
https://docs.aws.amazon.com/amazondynamodb/latest/developerguide/DAXEncryptionAtRest.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/dax_cluster#server_side_encryption