Ensure that Server-Side Encryption (SSE) is enabled for your AWS Simple Notification Service (SNS) topics for additional protection of sensitive data delivered as messages to subscribers. With the SSE feature enabled, when messages are published to encrypted topics, AWS SNS immediately encrypts the messages using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued by the Amazon KMS service. AWS SNS Server-Side Encryption can work with both AWS-managed CMKs and customer-managed CMKs.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
The Amazon SNS Server-Side Encryption (SSE) feature protects the contents of the messages published to your SNS topics, making it ideal for security-sensitive applications with strict encryption compliance and regulatory requirements.
To determine if your Amazon SNS topics are using Server-Side Encryption, perform the following actions:
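An added example, not part of the original page or the Cloud Conformity tool: a Python audit that classifies each topic by the `KmsMasterKeyId` attribute returned by SNS GetTopicAttributes. The topic ARNs, account ID and key identifiers in `SAMPLE` are constructed, the status labels are this example's own, and `fetch_topics` assumes boto3 and read-only SNS permissions.

```python
"""Audit SNS topics for Server-Side Encryption (added example)."""

AWS_MANAGED_ALIAS = "alias/aws/sns"  # default AWS-managed key for SNS


def classify_topic(attributes):
    """Classify one topic from the Attributes map of SNS GetTopicAttributes."""
    key = (attributes.get("KmsMasterKeyId") or "").strip()
    if not key:
        return "UNENCRYPTED"  # attribute absent or empty: SSE is off
    # The value may be an alias name, an alias ARN, a key ID or a key ARN.
    if key == AWS_MANAGED_ALIAS or key.endswith(":" + AWS_MANAGED_ALIAS):
        return "SSE_AWS_MANAGED"
    if key.startswith("alias/") or ":alias/" in key:
        return "SSE_CUSTOMER_ALIAS"  # aliases outside alias/aws/ are customer-created
    # A bare key ID or key ARN does not reveal who manages the key;
    # the KeyManager field of KMS DescribeKey settles it.
    return "SSE_KEY_ID"


def unencrypted(topics):
    """Return the sorted ARNs of topics that have no KMS key configured."""
    return sorted(a for a, attrs in topics.items()
                  if classify_topic(attrs) == "UNENCRYPTED")


def fetch_topics(region):
    """Live collection; needs sns:ListTopics and sns:GetTopicAttributes."""
    import boto3  # imported lazily so the offline sample runs without it
    sns = boto3.client("sns", region_name=region)
    topics = {}
    for page in sns.get_paginator("list_topics").paginate():
        for t in page["Topics"]:
            arn = t["TopicArn"]
            topics[arn] = sns.get_topic_attributes(TopicArn=arn)["Attributes"]
    return topics


# Constructed sample data in the shape fetch_topics() returns.
_P = "arn:aws:sns:us-east-1:111122223333:"
SAMPLE = {
    _P + "orders": {"DisplayName": "orders"},
    _P + "alerts": {"KmsMasterKeyId": "alias/aws/sns"},
    _P + "billing": {"KmsMasterKeyId": "alias/billing-sns"},
    _P + "audit": {"KmsMasterKeyId": "arn:aws:kms:us-east-1:111122223333:key/"
                                     "1234abcd-12ab-34cd-56ef-1234567890ab"},
}

if __name__ == "__main__":
    for arn, attrs in SAMPLE.items():
        print(f"{classify_topic(attrs):20} {arn}")
```

To run it against a real account, pass `fetch_topics("us-east-1")` (or another region) to `unencrypted` in place of `SAMPLE`.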
To enable Server-Side Encryption (SSE) for your Amazon Simple Notification Service (SNS) topics, perform the following actions:
Note: Enabling data-at-rest encryption for existing Amazon SNS topics using the AWS API via Command Line Interface (CLI) is not currently supported.