16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
103 lines
2.3 KiB
Plaintext
103 lines
2.3 KiB
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.Topic.html[aws_cdk.aws_sns.Topic]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk import (
|
|
aws_sns as sns
|
|
)
|
|
|
|
class TopicStack(Stack):
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
sns.Topic( # Sensitive, unencrypted by default
|
|
self,
|
|
"example"
|
|
)
|
|
----
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.CfnTopic.html[aws_cdk.aws_sns.CfnTopic]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk import (
|
|
aws_sns as sns
|
|
)
|
|
|
|
class TopicStack(Stack):
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
sns.CfnTopic( # Sensitive, unencrypted by default
|
|
self,
|
|
"example"
|
|
)
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.Topic.html[aws_cdk.aws_sns.Topic]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk import (
|
|
aws_sns as sns
|
|
)
|
|
|
|
class TopicStack(Stack):
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
my_key = kms.Key(self, "key")
|
|
sns.Topic(
|
|
self,
|
|
"example",
|
|
master_key=my_key
|
|
)
|
|
----
|
|
|
|
For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.CfnTopic.html[aws_cdk.aws_sns.CfnTopic]:
|
|
|
|
[source,python]
|
|
----
|
|
from aws_cdk import (
|
|
aws_sns as sns
|
|
)
|
|
|
|
class TopicStack(Stack):
|
|
def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
|
|
super().__init__(scope, construct_id, **kwargs)
|
|
my_key = kms.Key(self, "key")
|
|
sns.CfnTopic(
|
|
self,
|
|
"example",
|
|
kms_master_key_id=my_key.key_id
|
|
)
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
For CfnTopic:
|
|
|
|
* Omitting "kms_master_key_id" disables SNS topics encryption. Make sure it is safe here.
|
|
|
|
For Topic:
|
|
|
|
* Omitting "master_key" disables SNS topics encryption. Make sure it is safe here.
|
|
|
|
|
|
endif::env-github,rspecator-view[]
|