SNS topic not encrypted with CMK.
| Property | |
|---|---|
| Language | |
| Severity | |
| Service | sns |
| Provider | AWS |
| Vulnerability Type | misconfiguration |
Description
The SNS topic is encrypted using the default AWS-managed KMS key instead of a customer managed key (CMK), limiting control over key rotation, access policies, and lifecycle. This configuration reduces the ability to enforce strict security requirements for sensitive notifications.
Impact
Using the default AWS-managed KMS key restricts granular control over key management, making it harder to enforce access restrictions or respond to key compromise. If the key is compromised, unauthorized users might gain access to sensitive topic data, and compliance requirements for data protection may not be met.
Resolution
Use a customer managed key (CMK) for SNS topic encryption.
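
As an added example (not part of the original rule page), the flagged setting beside a corrected one in Terraform with the AWS provider. The choice of Terraform, the resource names, the alias, and the CloudWatch publisher statement are assumptions made for illustration.

```hcl
# Added example. All resource names and the alias are hypothetical.

# Flagged: encrypted, but with the AWS-managed key, whose policy cannot be edited.
resource "aws_sns_topic" "alerts_default_key" {
  name              = "alerts-default-key"
  kms_master_key_id = "alias/aws/sns"
}

data "aws_caller_identity" "current" {}

# Key policy for the CMK. The first statement keeps the key manageable through
# IAM in the owning account ("aws" partition assumed). The second is an assumed
# publisher: a service that publishes to an encrypted topic needs these two actions.
data "aws_iam_policy_document" "sns_cmk" {
  statement {
    sid       = "EnableIamPolicies"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  statement {
    sid       = "AllowCloudWatchAlarmsToPublish"
    actions   = ["kms:GenerateDataKey*", "kms:Decrypt"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["cloudwatch.amazonaws.com"]
    }
  }
}

# Corrected: a customer managed key with rotation and an explicit policy.
resource "aws_kms_key" "sns" {
  description             = "CMK for SNS topic encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
  policy                  = data.aws_iam_policy_document.sns_cmk.json
}

resource "aws_kms_alias" "sns" {
  name          = "alias/sns-alerts"
  target_key_id = aws_kms_key.sns.key_id
}

resource "aws_sns_topic" "alerts" {
  name              = "alerts"
  kms_master_key_id = aws_kms_key.sns.arn
}
```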