Severity: HIGH
Source: Trivy/CSPM
CSPM ID: sns-topic-encrypted
ID: AVD-AWS-0095

Unencrypted SNS topic.

Topics should be encrypted to protect their contents.

Impact

The SNS topic's messages could be read if it is compromised.

Follow the appropriate remediation steps below to resolve the issue.

Turn on SNS Topic encryption

---
AWSTemplateFormatVersion: "2010-09-09"
Description: Good example of topic
Resources:
  Topic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: blah
      # Setting a KMS key turns on encryption at rest for the topic
      KmsMasterKeyId: some-key

Turn on SNS Topic encryption

resource "aws_sns_topic" "good_example" {
  # Setting a KMS key turns on encryption at rest for the topic
  kms_master_key_id = "/blah"
}
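The check behind this finding can be sketched as a template lint. The following is an added example, not Trivy's own implementation: it reads a CloudFormation template in JSON form and lists every `AWS::SNS::Topic` that has no usable `KmsMasterKeyId`. The sample template, its resource names and the function names are constructed for illustration.

```python
import json

# Constructed sample template (JSON form of CloudFormation), trimmed to the
# fields the check reads; all logical IDs and values are made up.
SAMPLE_TEMPLATE = """
{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "PlainTopic":   {"Type": "AWS::SNS::Topic", "Properties": {"TopicName": "plain"}},
    "EmptyKey":     {"Type": "AWS::SNS::Topic", "Properties": {"KmsMasterKeyId": ""}},
    "NoProperties": {"Type": "AWS::SNS::Topic"},
    "AliasKey":     {"Type": "AWS::SNS::Topic", "Properties": {"KmsMasterKeyId": "alias/example-key"}},
    "RefKey":       {"Type": "AWS::SNS::Topic", "Properties": {"KmsMasterKeyId": {"Ref": "TopicKey"}}},
    "TopicKey":     {"Type": "AWS::KMS::Key"},
    "WorkQueue":    {"Type": "AWS::SQS::Queue"}
  }
}
"""


def key_is_set(value):
    """True when KmsMasterKeyId carries a key reference."""
    if isinstance(value, str):
        return value.strip() != ""
    # Intrinsic functions (Ref, Fn::GetAtt, Fn::Sub, ...) parse as a dict and
    # are resolved at deploy time, so they are treated as a configured key.
    return isinstance(value, dict) and len(value) > 0


def unencrypted_topics(template_text):
    """Return sorted logical IDs of SNS topics without a KMS key."""
    template = json.loads(template_text)
    findings = []
    for logical_id, resource in (template.get("Resources") or {}).items():
        if not isinstance(resource, dict) or resource.get("Type") != "AWS::SNS::Topic":
            continue
        props = resource.get("Properties") or {}  # Properties may be absent
        if not key_is_set(props.get("KmsMasterKeyId")):
            findings.append(logical_id)
    return sorted(findings)


if __name__ == "__main__":
    for name in unencrypted_topics(SAMPLE_TEMPLATE):
        print(f"AVD-AWS-0095: SNS topic {name} has no KmsMasterKeyId")
```

An empty string and a missing `Properties` block are both reported, since neither results in an encrypted topic.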