AWS SNS topic should be encrypted

  • GG_ID: GG_IAC_0061
  • Severity: HIGH
  • Complexity: LOW
  • Categories: DATA, PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True


Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers. An Amazon SNS topic is a logical access point that acts as a communication channel.

The message body in Amazon SNS topics should always be encrypted to protect the data if access is compromised.


Not encrypting data could lead to a data leak in the event of an attack.

Remediation guidelines

Enable encryption at rest for the SNS topic. Note that all requests to topics with encryption enabled must use HTTPS and Signature Version 4.
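
One way to check for this before deployment, as an added example that is not GitGuardian's own implementation: the script below flags SNS topics that a Terraform plan would leave without a KMS key. It assumes Terraform with the AWS provider (where the topic's key is set through `kms_master_key_id`) and plan JSON from `terraform show -json`; the function name and the sample plan are constructed for illustration.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
 {"address": "aws_sns_topic.plain", "mode": "managed", "type": "aws_sns_topic",
  "change": {"actions": ["create"], "after": {"name": "plain"}, "after_unknown": {}}},
 {"address": "aws_sns_topic.empty", "mode": "managed", "type": "aws_sns_topic",
  "change": {"actions": ["create"],
             "after": {"name": "empty", "kms_master_key_id": ""}, "after_unknown": {}}},
 {"address": "aws_sns_topic.managed_key", "mode": "managed", "type": "aws_sns_topic",
  "change": {"actions": ["create"],
             "after": {"name": "ok", "kms_master_key_id": "alias/aws/sns"},
             "after_unknown": {}}},
 {"address": "module.alerts.aws_sns_topic.cmk", "mode": "managed", "type": "aws_sns_topic",
  "change": {"actions": ["create"], "after": {"name": "cmk"},
             "after_unknown": {"kms_master_key_id": true}}},
 {"address": "aws_sns_topic.retired", "mode": "managed", "type": "aws_sns_topic",
  "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
 {"address": "aws_sqs_queue.other", "mode": "managed", "type": "aws_sqs_queue",
  "change": {"actions": ["create"], "after": {"name": "q"}, "after_unknown": {}}}
]}
""")


def unencrypted_sns_topics(plan):
    """Return addresses of SNS topics the plan would leave without a KMS key."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("mode") != "managed" or rc.get("type") != "aws_sns_topic":
            continue
        change = rc.get("change") or {}
        after = change.get("after")
        if after is None:
            continue  # topic is being destroyed, nothing left to encrypt
        unknown = change.get("after_unknown") or {}
        if unknown.get("kms_master_key_id") is True:
            continue  # key is computed at apply time (e.g. a KMS key created in the same plan)
        if not after.get("kms_master_key_id"):
            findings.append(rc["address"])  # attribute missing, null or empty string
    return findings


if __name__ == "__main__":
    for address in unencrypted_sns_topics(SAMPLE_PLAN):
        print(f"{address}: SNS topic has no kms_master_key_id")
```

Reading `resource_changes` rather than `planned_values` covers topics inside modules without recursion and avoids flagging a topic whose key reference is only resolved at apply time.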

External documentation