SNS Topic Not Encrypted

• Query id: 28545147-2fc6-42d5-a1f9-cf226658e591
• Query name: SNS Topic Not Encrypted
• Platform: Terraform
• Severity: High
• Category: Encryption
• CWE: 311
• URL: Github

Description

SNS (Simple Notification Service) Topic should be encrypted
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file

resource "aws_sns_topic" "user_updates" {
  name              = "user-updates-topic"
  kms_master_key_id = ""
}

Positive test num. 2 - tf file

provider "aws" {
  region = "us-east-1"
}

resource "aws_sns_topic" "test" {
  name = "sns_not_ecnrypted"
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file

provider "aws2" {
  region = "us-east-1"
}

resource "aws_sns_topic" "test2" {
  name              = "sns_ecnrypted"
  kms_master_key_id = "alias/MyAlias"
}