enable-topic-encryption
Explanation
Queues should be encrypted with customer managed KMS keys and not default AWS managed keys, in order to allow granular control over access to specific queues.
Possible Impact
The SNS topic messages could be read if compromised
Suggested Resolution
Turn on SNS Topic encryption
Insecure Example
The following example will fail the aws-sns-enable-topic-encryption check.
resource "aws_sns_topic" "bad_example" {
# no key id specified
}
Secure Example
The following example will pass the aws-sns-enable-topic-encryption check.
resource "aws_sns_topic" "good_example" {
kms_master_key_id = "/blah"
}