diff --git a/rules/S6327/metadata.json b/rules/S6327/metadata.json
index ecaa7bc329a..9942b2145a2 100644
--- a/rules/S6327/metadata.json
+++ b/rules/S6327/metadata.json
@@ -10,7 +10,7 @@
 "status": "ready",
 "remediation": {
 "func": "Constant\/Issue",
- "constantCost": "10min"
+ "constantCost": "45min"
 },
 "tags": [
 "aws",
diff --git a/rules/S6327/recommended.adoc b/rules/S6327/recommended.adoc
index 619707c6c6b..bde7a0a6055 100644
--- a/rules/S6327/recommended.adoc
+++ b/rules/S6327/recommended.adoc
@@ -1,3 +1,18 @@
 == Recommended Secure Coding Practices
 
-It's recommended to encrypt SNS topics that contain sensitive information. Encryption and decryption are handled transparently by SNS, so no further modifications to the application are necessary.
+It is recommended to encrypt SNS topics that contain sensitive information.
+
+To do so, create a master key and assign the SNS topic to it. Note that this
+system does not encrypt the following:
+
+* Topic metadata (topic name and attributes)
+* Message metadata (subject, message ID, timestamp, and attributes)
+* Data protection policy
+* Per-topic metrics
+
+Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and
+``++kms:Decrypt++`` permissions for the AWS KMS key.
+
+See https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse[AWS SNS Key Management Documentation]
+for more information.
+