Documentation of encryptedSnsTopics (update this file)

Why ?

AWS SNS topics are not encrypted by default. This rule checks that all SNS topics are encrypted. Server-side encryption (SSE) lets you store sensitive data in encrypted topics. SSE protects the contents of messages in Amazon SNS topics using keys managed in AWS Key Management Service (AWS KMS).

How to fix ?

To fix this issue, you need to enable encryption on the SNS topic, by setting the KmsMasterKeyId property to a valid KMS key ARN.

CDK:

new sns.Topic(this, 'Topic', {
  masterKey: kms.Key.fromKeyArn(
    this,
    'Key',
    'arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012',
  ),
});

CloudFormation:

Topic:
  Type: AWS::SNS::Topic
  Properties:
    KmsMasterKeyId: arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012

Terraform:

resource "aws_sns_topic" "topic" {
  kms_master_key_id = "arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012"
}

Useful links

https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html#sse-key-terms

Documentation of encryptedSnsTopics (update this file)

Why ?​

How to fix ?​

CDK:​

CloudFormation:​

Terraform:​

Useful links​