Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var CheckEnableTopicEncryption = rules.Register( rules.Rule{ AVDID: "AVD-AWS-0095", Provider: provider.AWSProvider, Service: "sns", ShortCode: "enable-topic-encryption", Summary: "Unencrypted SNS topic.", Impact: "The SNS topic messages could be read if compromised", Resolution: "Turn on SNS Topic encryption", Explanation: `Queues should be encrypted with customer managed KMS keys and not default AWS managed keys, in order to allow granular control over access to specific queues.`, Links: []string{ "https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html", }, Terraform: &rules.EngineMetadata{ GoodExamples: terraformEnableTopicEncryptionGoodExamples, BadExamples: terraformEnableTopicEncryptionBadExamples, Links: terraformEnableTopicEncryptionLinks, RemediationMarkdown: terraformEnableTopicEncryptionRemediationMarkdown, }, CloudFormation: &rules.EngineMetadata{ GoodExamples: cloudFormationEnableTopicEncryptionGoodExamples, BadExamples: cloudFormationEnableTopicEncryptionBadExamples, Links: cloudFormationEnableTopicEncryptionLinks, RemediationMarkdown: cloudFormationEnableTopicEncryptionRemediationMarkdown, }, Severity: severity.High, }, func(s *state.State) (results rules.Results) { for _, topic := range s.AWS.SNS.Topics { if topic.Encryption.KMSKeyID.IsEmpty() { results.Add( "Topic does not have encryption enabled.", topic.Encryption.KMSKeyID, ) } else if topic.Encryption.KMSKeyID.EqualTo("alias/aws/sns") { results.Add( "Topic encryption does not use a customer managed key.", topic.Encryption.KMSKeyID, ) } else { results.AddPassed(&topic) } } return }, )
Functions ¶
This section is empty.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.