From 2d7c3cae2cbfd8ec6347d1c90c8c2d0c14cc8d53 Mon Sep 17 00:00:00 2001 From: Loris Sierra Date: Wed, 27 Nov 2024 10:48:05 +0100 Subject: [PATCH] improvement --- rules/S6327/recommended.adoc | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/rules/S6327/recommended.adoc b/rules/S6327/recommended.adoc index 7f64df9945b..bde7a0a6055 100644 --- a/rules/S6327/recommended.adoc +++ b/rules/S6327/recommended.adoc @@ -2,8 +2,13 @@ It is recommended to encrypt SNS topics that contain sensitive information. -To do so, create a master key and affect the SNS topic to it. Without a master -key, the SNS topic is not encrypted by default. +To do so, create a master key and assign the SNS topic to it. Note that this +system does not encrypt the following: + +* Topic metadata (topic name and attributes) +* Message metadata (subject, message ID, timestamp, and attributes) +* Data protection policy +* Per-topic metrics Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and ``++kms:Decrypt++`` permissions for the AWS KMS key.
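Review bot: The rewritten paragraph in rules/S6327/recommended.adoc drops the removed sentence "Without a master key, the SNS topic is not encrypted by default.", which was the only statement of why the rule fires; I would keep it after the first sentence so the recommendation still explains the default state. In the added line "Note that this system does not encrypt the following:", "this system" has no antecedent, so name the encryption feature being described. The new bullet list says topic and message metadata (subject, attributes) stay unencrypted, so it would help to add one sentence telling readers to keep sensitive values out of those fields, otherwise the list reads as trivia rather than guidance. "assign the SNS topic to it" still reads backwards, since the key is what gets set on the topic; "assign it to the SNS topic" is clearer. The subject line "improvement" says nothing about the change; something like "S6327: list what SNS encryption does not cover" would make the history searchable.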