Control: 1 SNS topics should be encrypted at rest using AWS KMS
This control checks whether an SNS topic is encrypted at rest using AWS KMS.
Encrypting data at rest reduces the risk of data stored on disk being accessed by a user not authenticated to AWS. It also adds another set of access controls to limit the ability of unauthorized users to access the data. For example, API permissions are required to decrypt the data before it can be read. SNS topics should be encrypted at-rest for an added layer of security. For more information, see Encryption at rest in the
Amazon Simple Notification Service Developer Guide.
To remediate this issue, update your SNS topic to enable encryption.
To encrypt an unencrypted SNS topic
- Open the Amazon SNS console.
- In the navigation pane, choose
- Choose the name of the topic to encrypt.
- Choose the
KMS keyto use to encrypt the topic.
steampipe check aws_compliance.control.foundational_security_sns_1
This control uses a named query:sns_topic_encrypted_at_rest