Skip to content

Commit

Permalink
improvement
Browse files Browse the repository at this point in the history
  • Loading branch information
@loris-s-sonarsource
loris-s-sonarsource committed Nov 27, 2024
1 parent 473b60a commit 2d7c3ca
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions rules/S6327/recommended.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,13 @@

It is recommended to encrypt SNS topics that contain sensitive information.

To do so, create a master key and affect the SNS topic to it. Without a master
key, the SNS topic is not encrypted by default.
To do so, create a master key and assign the SNS topic to it. Note that this
system does not encrypt the following:

* Topic metadata (topic name and attributes)
* Message metadata (subject, message ID, timestamp, and attributes)
* Data protection policy
* Per-topic metrics
Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and
``++kms:Decrypt++`` permissions for the AWS KMS key.
Expand Down

0 comments on commit 2d7c3ca

Please sign in to comment.