ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Modify S6327: Improve the recommended fix (#4543)

Browse Source 
* Modify S6327: Improve the recommended fix

* Apply suggestions from code review

* add more info

* improvement
This commit is contained in:
Loris S. 2024-11-27 12:04:48 +01:00 committed by GitHub
parent dc4e9af93c
commit d04661341c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
rules/S6327/metadata.json
View File

@ -10,7 +10,7 @@
"status": "ready", "status": "ready",
"remediation": { "remediation": {
"func": "Constant\/Issue", "func": "Constant\/Issue",
"constantCost": "10min" "constantCost": "45min"
}, },
"tags": [ "tags": [
"aws", "aws",

17
rules/S6327/recommended.adoc
View File

@ -1,3 +1,18 @@
== Recommended Secure Coding Practices == Recommended Secure Coding Practices
It's recommended to encrypt SNS topics that contain sensitive information. Encryption and decryption are handled transparently by SNS, so no further modifications to the application are necessary. It is recommended to encrypt SNS topics that contain sensitive information.
To do so, create a master key and assign the SNS topic to it. Note that this
system does not encrypt the following:
* Topic metadata (topic name and attributes)
* Message metadata (subject, message ID, timestamp, and attributes)
* Data protection policy
* Per-topic metrics
Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and
``++kms:Decrypt++`` permissions for the AWS KMS key.
See https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse[AWS SNS Key Management Documentation]
for more information.