getlift / lift

Expanding Serverless Framework beyond functions using the AWS CDK
MIT License

Enable encryption of the sns topic created by lift construct #323

Open ghost opened 1 year ago

ghost commented 1 year ago

Hi,

While using the lift construct to create sqs queues and worker lambdas, an sns topic is created when alarm is specified. Could you please have serverside encryption enabled for this sns topic?

fredericbarthelet commented 1 year ago

Hi @alanjoseuk and thanks for requesting this improvement. As of today, you can rely on the extension feature to enable SSE on the SNS topic. Here is an example service file definition to achieve this:

constructs:
    my-queue:
        type: queue
        worker:
            handler: src/worker.handler
        alarm: alerting@mycompany.com
        extensions:
            alarm:
                Properties:
                    KmsMasterKeyId: "myKmsKeyId"

There is some dedicated configuration existing on the Queue construct to provide your own KMS key without relying on extensions for the SQS queue itself (see https://github.com/getlift/lift/blob/master/docs/queue.md#encryption). When a user specifies SSE with a customer-owned KMS key, this configuration could be used as well for SNS if any alarm is configured as well. WDYT? Would you be up to draft a PR to implement such functionality?
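The extension shown above injects `KmsMasterKeyId` into the alarm topic's CloudFormation properties. A practical way to confirm that the override actually landed is to scan the packaged template (the JSON that `serverless package` writes under `.serverless/`) for SNS topics and SQS queues that declare no encryption. The script below is an added example and not part of lift; the embedded template and its logical resource names are constructed for the demonstration, and the check is deliberately conservative: it flags an SQS queue unless it explicitly sets `KmsMasterKeyId` or `SqsManagedSseEnabled: true`.

```python
"""Flag SNS topics and SQS queues in a CloudFormation template that do not
declare server-side encryption.

Added example, not code from the lift project. Usage:
    python check_sse.py .serverless/cloudformation-template-update-stack.json
With no argument it runs against the constructed SAMPLE_TEMPLATE below.
"""
import json
import sys

# Constructed sample template (not produced by lift): one alarm topic with a
# KMS key, one without, one queue with SSE-SQS enabled and one with nothing.
SAMPLE_TEMPLATE = json.dumps({
    "Resources": {
        "myqueueAlarmTopic": {
            "Type": "AWS::SNS::Topic",
            "Properties": {"TopicName": "my-queue-alarm"},
        },
        "otherAlarmTopic": {
            "Type": "AWS::SNS::Topic",
            "Properties": {"TopicName": "other-alarm", "KmsMasterKeyId": "alias/my-key"},
        },
        "myqueueQueue": {
            "Type": "AWS::SQS::Queue",
            "Properties": {"QueueName": "my-queue"},
        },
        "myqueueEncryptedQueue": {
            "Type": "AWS::SQS::Queue",
            "Properties": {"QueueName": "my-queue-enc", "SqsManagedSseEnabled": True},
        },
        "workerFunction": {"Type": "AWS::Lambda::Function", "Properties": {}},
    }
})


def is_encrypted(resource_type, props):
    """Return True when the resource declares SSE (or is out of scope)."""
    if resource_type == "AWS::SNS::Topic":
        # A Ref/GetAtt dict or a literal key id both count as "set".
        return bool(props.get("KmsMasterKeyId"))
    if resource_type == "AWS::SQS::Queue":
        # Accept either a customer-managed KMS key or explicit SSE-SQS.
        return bool(props.get("KmsMasterKeyId")) or props.get("SqsManagedSseEnabled") is True
    return True  # other resource types are not checked here


def find_unencrypted(template_json):
    """Return sorted (logical_id, type) pairs for resources lacking SSE."""
    template = json.loads(template_json)
    findings = []
    for logical_id, resource in template.get("Resources", {}).items():
        rtype = resource.get("Type", "")
        props = resource.get("Properties") or {}
        if not is_encrypted(rtype, props):
            findings.append((logical_id, rtype))
    return sorted(findings)


def main(argv):
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as fh:
            template_json = fh.read()
    else:
        template_json = SAMPLE_TEMPLATE
    findings = find_unencrypted(template_json)
    for logical_id, rtype in findings:
        print(f"UNENCRYPTED {rtype} {logical_id}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against the sample template the script reports the alarm topic and the plain queue; run against a packaged lift stack after applying the extension above, the alarm topic should no longer appear. A non-zero exit status makes it easy to wire into CI so that a later change that drops the extension fails the pipeline.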