rspec/rules/S6327/recommended.adoc
Loris S. d04661341c
Modify S6327: Improve the recommended fix (#4543)
* Modify S6327: Improve the recommended fix

* Apply suggestions from code review

* add more info

* improvement
2024-11-27 12:04:48 +01:00


== Recommended Secure Coding Practices

It is recommended to encrypt SNS topics that contain sensitive information.
To do so, create a master key and assign the SNS topic to it. Note that this
system does not encrypt the following:

* Topic metadata (topic name and attributes)
* Message metadata (subject, message ID, timestamp, and attributes)
* Data protection policy
* Per-topic metrics

Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and
``++kms:Decrypt++`` permissions for the AWS KMS key.

See https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse[AWS SNS Key Management Documentation]
for more information.
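
The following check is an added example, not part of the rule text or of the analyzer: it audits a CloudFormation template, parsed into a dict, for SNS topics without `KmsMasterKeyId` and for KMS key policies that do not grant the publisher both permissions named above. The template, its logical IDs and the publisher ARN are constructed for illustration.

```python
from fnmatch import fnmatchcase
REQUIRED = ("kms:GenerateDataKey*", "kms:Decrypt")  # the permissions named above
PUBLISHER = "arn:aws:iam::111122223333:role/publisher"  # constructed ARN

def key(actions):  # constructed, trimmed AWS::KMS::Key: publisher statement only
    return {"Type": "AWS::KMS::Key", "Properties": {"KeyPolicy": {"Statement": [
        {"Effect": "Allow", "Principal": {"AWS": PUBLISHER},
         "Action": actions, "Resource": "*"}]}}}

# Constructed CloudFormation template; all logical IDs are made up.
TEMPLATE = {"Resources": {
    "OrdersKey": key(["kms:GenerateDataKey*", "kms:Decrypt"]),
    "OrdersTopic": {"Type": "AWS::SNS::Topic", "Properties": {"KmsMasterKeyId": {"Ref": "OrdersKey"}}},
    "AuditKey": key("kms:Decrypt"),
    "AuditTopic": {"Type": "AWS::SNS::Topic", "Properties": {"KmsMasterKeyId": {"Ref": "AuditKey"}}},
    "LegacyTopic": {"Type": "AWS::SNS::Topic", "Properties": {"TopicName": "legacy"}},
}}

def granted(policy, principal):
    """Required KMS actions that Allow statements grant (Deny/Condition not evaluated)."""
    have = set()
    for st in policy.get("Statement", []):
        who = st.get("Principal", {})
        who = who.get("AWS", []) if isinstance(who, dict) else who
        if st.get("Effect") != "Allow" or principal not in ([who] if isinstance(who, str) else who):
            continue
        acts = st.get("Action", [])
        for pat in [acts] if isinstance(acts, str) else acts:
            have |= {r for r in REQUIRED if fnmatchcase(r.lower(), pat.lower())}
    return have

def audit(template, publisher):
    """Map each SNS topic's logical ID to a finding ('ok' when compliant)."""
    res, findings = template["Resources"], {}
    for name, r in res.items():
        if r.get("Type") != "AWS::SNS::Topic":
            continue
        ref = r.get("Properties", {}).get("KmsMasterKeyId")
        # Only a key declared in this template ({"Ref": ...}) can be inspected.
        key_res = res.get(ref.get("Ref")) if isinstance(ref, dict) else None
        if not ref:
            findings[name] = "unencrypted: no KmsMasterKeyId"
        elif key_res is None:
            findings[name] = "encrypted: key policy not in template"
        else:
            policy = key_res.get("Properties", {}).get("KeyPolicy", {})
            missing = sorted(set(REQUIRED) - granted(policy, publisher))
            findings[name] = "ok" if not missing else "publisher lacks " + ", ".join(missing)
    return findings
```

Calling `audit(TEMPLATE, PUBLISHER)` reports `LegacyTopic` as unencrypted and `AuditTopic` as encrypted with a key its publisher cannot use to generate data keys.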