Open jdheyburn opened 4 years ago
Currently SNS topics are not encrypted and thus are flagged as a security issue.
An equivalent KMS key generated for SNS. Here is an example pulled from kms.tf to encrypt SQS.
kms.tf
// KMS key for server-side encryption (SSE) of SQS resource "aws_kms_key" "sse_sqs" { description = "BinaryAlert Server-Side Encryption - SQS" enable_key_rotation = true tags = { Name = var.tagged_name } policy = data.aws_iam_policy_document.kms_allow_s3.json } resource "aws_kms_alias" "sse_sqs_alias" { name = "alias/${var.name_prefix}_binaryalert_sse_sqs" target_key_id = aws_kms_key.sse_sqs.key_id }
Background
Currently SNS topics are not encrypted and thus are flagged as a security issue.
Desired Change
An equivalent KMS key generated for SNS. Here is an example pulled from
kms.tfto encrypt SQS.