AWS SNS topic should be encrypted

  • GG_ID: GG_IAC_0061
  • Severity: HIGH
  • Complexity: LOW
  • Categories: DATA, PERMISSION
  • Providers: AWS
  • Potential data exposure: True
  • Visible in logs: False
  • User interaction required: False
  • Privileges required: True

Description

Amazon Simple Notification Service (Amazon SNS) is a managed service that provides message delivery from publishers to subscribers. An Amazon SNS topic is a logical access point that acts as a communication channel.

The message body in Amazon SNS topics should always be encrypted to protect the data if access is compromised.

Impact

Not encrypting data could lead to a data leak in the event of an attack.

Remediation guidelines

Enable encryption at rest for the SNS topic. Note that all requests to topics with encryption enabled must use HTTPS and Signature Version 4.
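
The following is an added example, not taken from the original page, and it assumes the topic is defined in Terraform with the AWS provider. It shows an unencrypted topic next to one with encryption at rest enabled; all resource and topic names are constructed for illustration.

```hcl
# Added example: resource names and topic names are constructed.

# Non-compliant: kms_master_key_id is not set, so message bodies
# are stored without server-side encryption.
resource "aws_sns_topic" "orders_unencrypted" {
  name = "orders-events"
}

# Customer managed KMS key used to encrypt the topic at rest.
resource "aws_kms_key" "sns" {
  description         = "Encryption key for SNS topics"
  enable_key_rotation = true
}

# Compliant: encryption at rest is enabled with the key above.
# The AWS managed key can be used instead by setting
# kms_master_key_id = "alias/aws/sns".
resource "aws_sns_topic" "orders_encrypted" {
  name              = "orders-events-encrypted"
  kms_master_key_id = aws_kms_key.sns.arn
}
```

Publishers to the encrypted topic also need permission to use the KMS key, in addition to permission to publish to the topic.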

External documentation