Amazon Simple Notification Service (SNS) is a managed messaging service for application-to-application (A2A) and application-to-person (A2P) communication. SNS topics allow publisher systems to fan out messages to a large number of subscriber systems. Amazon SNS can encrypt messages as soon as they are received. If adversaries gain physical access to the storage medium, or a stored message otherwise leaks, they cannot read the encrypted data.
There is a risk if you answered yes to any of those questions.
It’s recommended to encrypt SNS topics that contain sensitive information. Encryption and decryption are handled transparently by SNS, so no further modifications to the application are necessary.
from aws_cdk import (
aws_sns as sns
)
class TopicStack(Stack):
    """Noncompliant example: a stack whose SNS topic has no encryption key."""

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        # Forward the construct arguments to the base Stack unchanged.
        super().__init__(scope, construct_id, **kwargs)

        # Sensitive: no master_key is passed, so the topic is unencrypted by
        # default. Review any stack that creates a topic this way if the
        # messages can carry sensitive data.
        sns.Topic(self, "example")
from aws_cdk import (
aws_sns as sns
)
class TopicStack(Stack):
    """Noncompliant example: a stack whose low-level CfnTopic has no KMS key."""

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        # Forward the construct arguments to the base Stack unchanged.
        super().__init__(scope, construct_id, **kwargs)

        # Sensitive: kms_master_key_id is not set, so the topic is unencrypted
        # by default. CfnTopic maps directly to the CloudFormation resource,
        # so nothing else in this stack adds encryption for it.
        sns.CfnTopic(self, "example")
from aws_cdk import (
aws_sns as sns
)
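class TopicStack(Stack):
    """Compliant example: an SNS topic encrypted with a customer-managed KMS key.

    SNS server-side encryption protects the message body at rest. Topic
    metadata and message metadata (subject, attributes) are not covered by
    it, so keep sensitive values out of those fields.
    """

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        # The snippet's import block only brings in aws_sns, so `kms` would
        # otherwise be an undefined name when the stack is synthesized.
        from aws_cdk import aws_kms as kms

        super().__init__(scope, construct_id, **kwargs)

        # Customer-managed key dedicated to this topic. Consider passing
        # enable_key_rotation=True if your key-management policy requires
        # automatic rotation.
        my_key = kms.Key(self, "key")

        # master_key turns on server-side encryption for the topic.
        # Publishers (IAM principals and AWS services that emit events to the
        # topic) also need kms:GenerateDataKey* and kms:Decrypt on this key,
        # otherwise their publish calls are rejected.
        sns.Topic(
            self,
            "example",
            master_key=my_key,
        )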
from aws_cdk import (
aws_sns as sns
)
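class TopicStack(Stack):
    """Compliant example: a low-level CfnTopic encrypted with a KMS key.

    SNS server-side encryption protects the message body at rest. Topic
    metadata and message metadata (subject, attributes) are not covered by
    it, so keep sensitive values out of those fields.
    """

    def __init__(self, scope: Construct, construct_id: str, **kwargs) -> None:
        # The snippet's import block only brings in aws_sns, so `kms` would
        # otherwise be an undefined name when the stack is synthesized.
        from aws_cdk import aws_kms as kms

        super().__init__(scope, construct_id, **kwargs)

        # Customer-managed key dedicated to this topic. Consider passing
        # enable_key_rotation=True if your key-management policy requires
        # automatic rotation.
        my_key = kms.Key(self, "key")

        # kms_master_key_id turns on server-side encryption for the topic.
        # CfnTopic is the raw CloudFormation resource, so the key policy must
        # be extended separately for every publisher that needs
        # kms:GenerateDataKey* and kms:Decrypt on this key.
        sns.CfnTopic(
            self,
            "example",
            kms_master_key_id=my_key.key_id,
        )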