Ensure that Server-Side Encryption (SSE) is enabled for your AWS Simple Notification Service (SNS) topics for additional protection of sensitive data delivered as messages to subscribers. With the SSE feature enabled, when messages are published to encrypted topics, AWS SNS immediately encrypts the messages using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued by Amazon KMS service. AWS SNS Server-Side Encryption can work with both AWS-managed CMKs and customer-managed CMKs.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- APRA
- MAS
- NIST 800-53 (Rev. 4)
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Amazon SNS Server-Side Encryption (SSE) feature protects the contents of the published messages within your SNS topics, making it ideal for security-sensitive applications with strict encryption compliance and regulatory requirements.
Audit
To determine if your Amazon SNS topics are using Server-Side Encryption, perform the following actions:
Remediation / Resolution
To enable Server-Side Encryption (SSE) for your Amazon Simple Notification Service (SNS) topics, perform the following actions:
References
- AWS Documentation
- Amazon SNS FAQs
- Getting Started with Amazon Simple Notification Service
- Amazon SNS Security
- Protecting Amazon SNS Data Using Server-Side Encryption (SSE) and AWS KMS
- Tutorial: Enabling Server-Side Encryption (SSE) for an Amazon SNS Topic
- AWS Command Line Interface (CLI) Documentation
- sns
- list-topics
- get-topic-attributes
- AWS Blog(s)
- Amazon SNS Adds Server-Side Encryption (SSE)
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
for and
Get started for FREE
You are auditing:
Enable Server-Side Encryption for AWS SNS Topics
Risk level: High