Skip to content

Unencrypted SNS topic.

Default Severity: high

Explanation

Topics should be encrypted to protect their contents.

Possible Impact

The SNS topic messages could be read if compromised

Suggested Resolution

Turn on SNS Topic encryption

Insecure Example

The following example will fail the aws-sns-enable-topic-encryption check.

 resource "aws_sns_topic" "bad_example" {
    # no key id specified
 }

Secure Example

The following example will pass the aws-sns-enable-topic-encryption check.

 resource "aws_sns_topic" "good_example" {
    kms_master_key_id = "/blah"
 }