SNS Topic Encrypted With AWS Managed Key
- Query id: b1a72f66-2236-4f3b-87ba-0da1b366956f
- Query name: SNS Topic Encrypted With AWS Managed Key
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- CWE: 326
- URL: Github
Description
SNS (Simple Notification Service) topics should be encrypted with customer-managed KMS keys instead of AWS managed keys.
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_sns_topic" "user_updates" {
  name              = "user-updates-topic"
  kms_master_key_id = "alias/aws/sns"
}
Positive test num. 2 - tf file
provider "aws" {
  region = "us-east-1"
}

data "aws_kms_key" "by_alias" {
  key_id = "alias/aws/sns"
}

resource "aws_sns_topic" "test" {
  name              = "sns_ecnrypted"
  kms_master_key_id = data.aws_kms_key.by_alias.arn
}
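
A configuration that follows the description, shown as an added example (not one of the query's own test files): the topic references a customer-managed key instead of `alias/aws/sns`. The resource names, the alias, the `aws` partition in the ARN and the CloudWatch publisher are assumptions.

```terraform
# Added example: names, alias and the CloudWatch publisher are assumptions.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "sns_cmk" {
  # Account root keeps administrative control of the key via IAM.
  statement {
    sid       = "AccountAdmin"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # AWS services that publish to an encrypted topic need these two
  # permissions on the key; list only the services that really publish.
  statement {
    sid       = "AllowServicePublishers"
    actions   = ["kms:GenerateDataKey*", "kms:Decrypt"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["cloudwatch.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "sns" {
  description             = "Customer-managed key for SNS topic encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.sns_cmk.json
}

resource "aws_kms_alias" "sns" {
  name          = "alias/user-updates-sns"
  target_key_id = aws_kms_key.sns.key_id
}

resource "aws_sns_topic" "user_updates" {
  name = "user-updates-topic"
  # Reference the customer-managed key, not "alias/aws/sns".
  kms_master_key_id = aws_kms_key.sns.arn
}
```

Unlike the AWS managed key, a customer-managed key only works for principals its key policy or IAM grants allow, so a publisher missing from the policy fails to deliver to the topic.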