diff --git a/packages/aws-cdk-lib/aws-dynamodb/lib/encryption.ts b/packages/aws-cdk-lib/aws-dynamodb/lib/encryption.ts
index 5ed288411fd5f..08b24c7967b75 100644
--- a/packages/aws-cdk-lib/aws-dynamodb/lib/encryption.ts
+++ b/packages/aws-cdk-lib/aws-dynamodb/lib/encryption.ts
@@ -70,7 +70,7 @@ export abstract class TableEncryptionV2 {
 if (replicaRegion === stackRegion) {
 return {
- kmsMasterKeyId: tableKey.keyArn,
+ kmsMasterKeyId: tableKey.keyId,
 } satisfies CfnGlobalTable.ReplicaSSESpecificationProperty;
 }
diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/encryption.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/encryption.test.ts
index 99763c380ae8d..91cb8cf94d543 100644
--- a/packages/aws-cdk-lib/aws-dynamodb/test/encryption.test.ts
+++ b/packages/aws-cdk-lib/aws-dynamodb/test/encryption.test.ts
@@ -98,10 +98,20 @@ describe('customer managed keys', () => {
 test('can render replica SSE specification in deployment region', () => {
 // WHEN / THEN
 expect(encryption._renderReplicaSseSpecification(stack, stack.region)).toEqual({
- kmsMasterKeyId: tableKey.keyArn,
+ kmsMasterKeyId: tableKey.keyId,
 });
 });
+ test('replica SSE specification uses key ID format not ARN format', () => {
+ // WHEN
+ const result = encryption._renderReplicaSseSpecification(stack, stack.region);
+
+ // THEN
+ expect(result.kmsMasterKeyId).toBe(tableKey.keyId);
+ expect(result.kmsMasterKeyId).not.toBe(tableKey.keyArn);
+ expect(result.kmsMasterKeyId).not.toContain('arn:aws:kms');
+ });
+
 test('can render replica SSE specification in replica region', () => {
 // WHEN / THEN
 expect(encryption._renderReplicaSseSpecification(stack, 'us-east-1')).toEqual({
diff --git a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts
index be8454f09ba3f..82eb348fed071 100644
--- a/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts
+++ b/packages/aws-cdk-lib/aws-dynamodb/test/table-v2.test.ts
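Review bot: Returning `tableKey.keyId` in the `replicaRegion === stackRegion` branch drops the account and region qualifier that `keyArn` carried, so the value only identifies the key when it lives in the same account as the table. If `tableKey` can be an imported key from another account (not visible in this hunk), the replica's SSE specification would no longer point at that key; consider keeping the ARN for that case or rejecting it at synth time, and add a comment such as `// key ID, not ARN: <reason from the linked issue>` so the choice is not reverted later. The table-v2.test.ts hunk shows the synthesized `KMSMasterKeyId` changing from `Fn::GetAtt ... Arn` to `Ref` for existing stacks as well, so it is worth confirming that this property update is a no-op on already-deployed encrypted tables, or gating it behind a feature flag. The enclosing method starts and ends outside the hunk.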
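Review bot: The assertions in the new `replica SSE specification uses key ID format not ARN format` test compare unresolved token strings if `tableKey` is a construct-created key (its definition is outside the hunk), so `not.toContain('arn:aws:kms')` would pass even if the code still returned `keyArn`. The literal also hard-codes the `aws` partition, so it would not describe ARNs in other partitions. Resolving before comparing makes the check meaningful: `expect(stack.resolve(result.kmsMasterKeyId)).toEqual(stack.resolve(tableKey.keyId));` and, for the negative case, `expect(stack.resolve(result.kmsMasterKeyId)).not.toEqual(stack.resolve(tableKey.keyArn));`.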
@@ -926,10 +926,7 @@ describe('table', () => {
 Region: 'us-west-2',
 SSESpecification: {
 KMSMasterKeyId: {
- 'Fn::GetAtt': [
- 'Key961B73FD',
- 'Arn',
- ],
+ Ref: 'Key961B73FD',
 },
 },
 TableClass: 'STANDARD_INFREQUENT_ACCESS',