SNS topic not encrypted with CMK.
Topics should be encrypted with customer managed KMS keys and not default AWS managed keys, in order to allow granular key management.
Impact
Key management very limited when using default keys.
Recommended Actions
Follow the appropriate remediation steps below to resolve the issue.
Use a CMK for SNS Topic encryption
1
2
3
4
5
6
7
8
9
10
|
AWSTemplateFormatVersion: 2010-09-09
Description: Good example of topic
Resources:
Queue:
Type: AWS::SQS::Topic
Properties:
TopicName: blah
KmsMasterKeyId: some-key
|
Use a CMK for SNS Topic encryption
1
2
3
4
|
resource "aws_sns_topic" "good_example" {
kms_master_key_id = "/blah"
}
|
Links