Amazon Simple Notification Service (SNS) is a managed messaging service for application-to-application (A2A) and application-to-person (A2P) communication. SNS topics allows publisher systems to fanout messages to a large number of subscriber systems. Amazon SNS allows to encrypt messages when they are received. In the case that adversaries gain physical access to the storage medium or otherwise leak a message they are not able to access the data.
There is a risk if you answered yes to any of those questions.
It is recommended to encrypt SNS topics that contain sensitive information.
To do so, create a master key and assign the SNS topic to it. Note that this system does not encrypt the following:
Then, make sure that any publishers have the kms:GenerateDataKey* and kms:Decrypt permissions for the AWS KMS key.
See AWS SNS Key Management Documentation for more information.
For AWS::SNS::Topic:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
Topic: # Sensitive, encryption disabled by default
Type: AWS::SNS::Topic
Properties:
DisplayName: "unencrypted_topic"
For AWS::SNS::Topic:
AWSTemplateFormatVersion: '2010-09-09'
Resources:
Topic:
Type: AWS::SNS::Topic
Properties:
DisplayName: "encrypted_topic"
KmsMasterKeyId:
Fn::GetAtt:
- TestKey
- KeyId