
* Modify S6327: Improve the recommended fix * Apply suggestions from code review * add more info * improvement
19 lines
685 B
Plaintext
19 lines
685 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
It is recommended to encrypt SNS topics that contain sensitive information.
|
|
|
|
To do so, create a master key and assign the SNS topic to it. Note that this
|
|
system does not encrypt the following:
|
|
|
|
* Topic metadata (topic name and attributes)
|
|
* Message metadata (subject, message ID, timestamp, and attributes)
|
|
* Data protection policy
|
|
* Per-topic metrics
|
|
|
|
Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and
|
|
``++kms:Decrypt++`` permissions for the AWS KMS key.
|
|
|
|
See https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse[AWS SNS Key Management Documentation]
|
|
for more information.
|
|
|