SNS Topic should have server-side encryption enabled

Docs > Datadog Security > OOTB Rules > SNS Topic should have server-side encryption enabled

This page is not yet available in Spanish. We are working on its translation.
If you have any questions or feedback about our current translation project, feel free to reach out to us!

Description

Enable Server-Side Encryption for your AWS Simple Notification Service (SNS) topics.

Rationale

Server-Side Encryption (SSE) protects the data of published messages within your SNS topics, which can help adhere to compliance and regulatory requirements.

Remediation

From the console

Follow the Enabling server-side encryption (SSE) for an Amazon SNS topic docs to learn how to enable encryption from the AWS Management Console.

From the command line

Run set-topic-attributes with the ARN of the SNS topic and the KmsMasterKeyId.

set-topic-attributes.sh

aws sns set-topic-attributes
  --topic-arn arn:aws:sns:region:123456789012:YourTopic
  --attribute-name KmsMasterKeyId
  --attribute-value YourTopicDisplayName