Description

The Server-Side Encryption (SSE) feature in AWS Simple Notification Service (SNS) ensures the security of the content of published messages within your SNS topics, making it a suitable choice for applications with strict encryption compliance and regulatory requirements. To provide additional protection for sensitive data delivered as messages to subscribers, enable Server-Side Encryption (SSE) for your AWS SNS topics. By enabling the SSE feature, AWS SNS encrypts messages using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued by Amazon KMS service as soon as messages are published to encrypted topics. The AWS SNS Server-Side Encryption feature can function with both AWS-managed CMKs and customer-managed CMKs.

Remediation

To ensure additional protection of sensitive data delivered as messages to subscribers in AWS Simple Notification Service (SNS), follow these remediation steps to enable encryption:

  1. Open the Amazon SNS console
  2. In the navigation pane, choose "Topics".
  3. Choose the SNS topic for which you want to enable SSE encryption.
  4. Choose the "Encryption" tab.
  5. Select the "Enable encryption" checkbox.
  6. Choose the CMK that you want to use to encrypt the messages, either an AWS-managed CMK or a customer-managed CMK.
  7. Click "Save changes".

Once SSE encryption is enabled for your SNS topic, messages published to the encrypted topic will be immediately encrypted using a 256-bit AES-GCM algorithm and a Customer Master Key (CMK) issued by Amazon KMS service. This will help you meet strict encryption compliance and regulatory requirements, and ensure the protection of sensitive data in your SNS messages.

Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.